PT-2020-6398 · Openexr+1 · Openexr+1

Pedro Sampaio · Published 2020-11-29 · Updated 2023-10-17 · CVE-2021-23169

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenEXR versions prior to 3.0.1

Description

A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR. This issue allows an attacker to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service.

Recommendations

For OpenEXR versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the copyIntoFrameBuffer function until a patch is available. Restrict access to applications compiled against OpenEXR to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1408
AZL-44256
BDU:2021-04603
CVE-2021-23169
MGASA-2021-0326
OESA-2021-1238
ROSA-SA-2023-2247

Affected Products

Alt Linux
Openexr