github AcademySoftwareFoundation/openexr v3.3.6

latest releases: v3.4.5, v3.3.7, v3.3.7-rc4...
3 months ago

Patch release that addresses several bugs, primarily involving properly rejecting corrupt input data.

Specifically:

  • Buffer overflow in PyOpenEXR_old's channels() and channel() in legacy Python, reported by Joshua Rogers (GitHub: MegaManSec).
  • Use after free in PyObject_StealAttrString in legacy Python, reported by Joshua Rogers (GitHub: MegaManSec).
  • Use of Uninitialized Memory in openexr, reported by Aldo Ristori (GitHub: Kaldreic).
  • Heap-based Buffer Overflow Remote Code Execution Vulnerability, reported by Trend Micro Zero Day Initiative.

Full changelog: v3.3.5..v3.3.6
