A heap-buffer overflow was found in the readChars function of OpenEXR in versions before 3.0.3. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

Upstream issue: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
Upstream patch: https://github.com/AcademySoftwareFoundation/openexr/pull/1037/commits/b0eeb890016a8c9dc0830f0b7be5a9c52cb829d4

Created OpenEXR tracking bugs for this issue:
Affects: fedora-all [bug 1970988]

Created mingw-OpenEXR tracking bugs for this issue:
Affects: fedora-all [bug 1970989]