Syoyo Fujita · Tinyexr · CVE-2018-12064
**Name of the Vulnerable Software and Affected Versions**
tinyexr version 0.9.5
**Description**
The issue is related to a heap-based buffer over-read that occurs via the `tinyexr::ReadChannelInfo` function in `tinyexr.h`.
**Recommendations**
For tinyexr version 0.9.5, at the moment, there is no information about a newer version that contains a fix for this issue.