A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
Flaw summary:
A 1x1 pixel image could cause a null pointer dereference during preview generation due to flawed off-by-one comparisons in OpenEXR/exrmakepreview/makePreview.cpp generatePreview(). The patch fixes the calculations to properly handle 1x1 images.
Upstream patch: https://github.com/peterhillman/openexr/commit/587ad0ead9b38fd7ced800389bf024820626aa80