Jungwoojjing

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions 3.3.0 through 3.3.6 OpenEXR versions 3.4.0 through 3.4.4 **Description** OpenEXR is an image storage format used in the motion picture industry. A heap-buffer-overflow (out-of-bounds read) can occur in the `istream nonparallel read` function within the `ImfContextInit.cpp` file when processing a specially crafted, malformed EXR file using a memory-mapped `IStream`. This happens because a negative value resulting from a signed integer subtraction is converted to `size t`, leading to an excessively large length being used in a `memcpy` operation. **Recommendations** Update to OpenEXR version 3.3.7 or later. Update to OpenEXR version 3.4.5 or later.

**Name of the Vulnerable Software and Affected Versions** HarfBuzz versions prior to 12.3.0 **Description** HarfBuzz is a text shaping engine. A null pointer dereference issue exists in the `SubtableUnicodesCache::create` function, located in src/hb-ot-cmap-table.hh. The function does not verify if `hb malloc` returns NULL before attempting to construct an object at the returned pointer address. If `hb malloc` fails to allocate memory, it returns NULL, and the code then attempts to call the constructor on this null pointer, leading to undefined behavior and a Segmentation Fault. This issue was detected through simulated memory allocation failures in a fuzzing environment. **Recommendations** Update to HarfBuzz version 12.3.0 or later.

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-0 Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 experience infinite lines during a specific XMP file conversion command when writing. Recommendations: Update to version 7.1.2-0 or later.