A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
External References: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a
Created OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1929321]
Statement: This flaw is out of support scope for OpenEXR as shipped with Red Hat Enterprise Linux 6 and 7. For more information on Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata/ .
Flaw summary: MultiPartInputFile::Data::chunkOffsetReconstruction() in OpenEXR/IlmImf/ImfMultiPartInputFile.cpp has an off-by-one error allowing an invalid index to be used when restructuring the chunk offset table. This could cause an out-of-bounds read. Upstream patch: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a