Name of the Vulnerable Software and Affected Versions:

OpenEXR versions 3.3.0 through 3.3.2

Description:

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. A heap-based buffer overflow occurs during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header.

Recommendations:

Update to version 3.3.3 or later.