A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
Created OpenEXR tracking bugs for this issue:
Affects: fedora-all [bug 1929316]
This flaw does not affect Red Hat Enterprise Linux 8 because the vulnerable exrmakepreview program is not shipped.
A 1x1 pixel image could cause a null pointer dereference during preview generation due to flawed off-by-one comparisons in OpenEXR/exrmakepreview/makePreview.cpp generatePreview(). The patch fixes the calculations to properly handle 1x1 images.
Upstream patch: https://github.com/peterhillman/openexr/commit/587ad0ead9b38fd7ced800389bf024820626aa80
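Added example, not code from OpenEXR or from this bug report: a simplified model of how an off-by-one guard on a preview scale factor fails for a 1-pixel dimension, beside a corrected guard and a defensive index check. The formula `(srcSize - 1) / (previewSize - 1)` and all function names are assumptions made for illustration; the page does not show the affected code.

```cpp
#include <cmath>
#include <cstdio>

// Hypothetical model: a preview coordinate is mapped to a source coordinate
// with scale = (srcSize - 1) / (previewSize - 1).

// Flawed guard: "previewSize > 0" still admits previewSize == 1, so the
// divisor is 0. A 1-pixel source gives 0/0 = NaN, a wider one gives +inf
// (IEEE 754 float arithmetic assumed).
float scaleFlawed(int srcSize, int previewSize) {
    return (previewSize > 0)
        ? static_cast<float>(srcSize - 1) / static_cast<float>(previewSize - 1)
        : 1.0f;
}

// Corrected guard: divide only when there are at least two preview pixels.
float scaleFixed(int srcSize, int previewSize) {
    return (previewSize > 1)
        ? static_cast<float>(srcSize - 1) / static_cast<float>(previewSize - 1)
        : 1.0f;
}

// Defensive mapping: returns the source index, or -1 when the scale is not
// finite or the result falls outside [0, srcSize). The caller must not
// index the pixel buffer on -1.
long sourceIndex(float scale, int previewCoord, int srcSize) {
    if (srcSize <= 0 || previewCoord < 0 || !std::isfinite(scale))
        return -1;
    float pos = scale * static_cast<float>(previewCoord) + 0.5f;
    if (!(pos >= 0.0f) || pos >= static_cast<float>(srcSize))
        return -1;
    return static_cast<long>(pos);
}

int main() {
    // Constructed input: a 1x1 image whose preview is also 1 pixel wide.
    float bad = scaleFlawed(1, 1);
    float good = scaleFixed(1, 1);
    std::printf("flawed scale: %f -> index %ld\n", bad, sourceIndex(bad, 0, 1));
    std::printf("fixed scale:  %f -> index %ld\n", good, sourceIndex(good, 0, 1));
    return 0;
}
```

Without the finite and range checks, converting a NaN or infinite position to an integer index is undefined behaviour in C++, which is how a bad scale factor can turn into an invalid memory access.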