OpenEXR v2.5.5 Release Notes
Release Date: 2021-02-12 // about 3 years ago-
๐ Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files, but also a fix for universal ๐ build support on macOS.
Specific OSS-fuzz issues include:
- OSS-fuzz 30291 Timeout in openexr_exrcheck_fuzzer
- OSS-fuzz 29106 Heap-buffer-overflow in Imf_2_5::FastHufDecoder::decode
- OSS-fuzz 28971 Undefined-shift in Imf_2_5::cachePadding
- OSS-fuzz 29829 Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers
- OSS-fuzz 30121 Out-of-memory in openexr_exrcheck_fuzzer
๐ Merged Pull Requests
- 914 additional verification of DWA data sizes
- โก๏ธ 910 update tileoffset sanitycheck to handle ripmaps
- 903 prevent overflows by using Int64 for all vars in DWA initialize
- 901 Use size_t for DWA buffersize calculation
- 897 prevent overflow in RgbaFile cachePadding
- 896 add buffer size validation to FastHuf decode
- 893 Include where required by newer compilers
- 889 Add explicit #include for numeric_limits
- ๐ 854 Fix Apple Universal 2 (arm64/x86_64) builds