Manh Dung

**Name of the Vulnerable Software and Affected Versions** OpenEXR version 2.3.0 **Description** A head-based buffer overflow exists in the `writeTileData` function of OpenEXR that can cause a denial of service via a crafted EXR file. This issue is related to writing beyond the boundaries of a buffer. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For OpenEXR version 2.3.0, consider disabling the `writeTileData` function in `ImfTiledOutputFile.cpp` to prevent exploitation until a patch is available. Avoid using crafted EXR files that could trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Academy Software Foundation OpenEXR version 2.3.0 **Description** A heap-based buffer overflow issue exists in the `chunkOffsetReconstruction` function within the `ImfMultiPartInputFile.cpp` file. This can cause a denial of service when a crafted EXR file is used. The vulnerability is related to a buffer overflow, which may allow a remote attacker to cause a service disruption. **Recommendations** For Academy Software Foundation OpenEXR version 2.3.0, consider disabling the `chunkOffsetReconstruction` function in `ImfMultiPartInputFile.cpp` as a temporary workaround until a patch is available. Restrict access to crafted EXR files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.