oss-sec mailing list archives
OpenEXR : CVE-2017-14988 : DOS in Header::readfrom
From: "NOIRFATE" <noirfate () vip qq com>
Date: Mon, 9 Oct 2017 15:52:06 +0800
Description:
The Header::readfrom function may allocate any size of memory specified by user via a crafted exr image file, and cause DOS.

Affected version: openexr 2.2.0
Fixed version: No upstream fix available
Details: https://github.com/openexr/openexr/issues/248
Credit: This bug was discovered by Yihan Lian of GearTeam at Qihoo360
CVE: CVE-2017-14988
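
The class of bug reported above, an allocation sized by a length field read from the file, is avoided by validating that field before any memory is reserved. The following is an added example, not code from OpenEXR or from the reporter: the record layout (name, type, 32-bit little-endian size, value), the names readAttribute and readCString, and the 1 MiB cap are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical simplified record: name\0 type\0 <int32 LE size> <size bytes>.
struct Attribute { std::string name, type; std::vector<uint8_t> value; };
constexpr size_t kMaxAttrSize = 1u << 20;  // cap assumed for this example

static bool readCString(const uint8_t* buf, size_t len, size_t& pos, std::string& out) {
    const void* nul = (pos < len) ? std::memchr(buf + pos, 0, len - pos) : nullptr;
    if (!nul) return false;  // unterminated string: reject, do not read past the end
    const uint8_t* end = static_cast<const uint8_t*>(nul);
    out.assign(reinterpret_cast<const char*>(buf + pos), end - (buf + pos));
    pos = static_cast<size_t>(end - buf) + 1;
    return true;
}

// Parses one record at pos; returns false (allocating nothing) if it is malformed.
bool readAttribute(const uint8_t* buf, size_t len, size_t& pos, Attribute& out) {
    if (!readCString(buf, len, pos, out.name) || !readCString(buf, len, pos, out.type))
        return false;
    if (len - pos < 4) return false;  // no room for the size field
    int32_t size = static_cast<int32_t>(
        uint32_t(buf[pos]) | uint32_t(buf[pos + 1]) << 8 |
        uint32_t(buf[pos + 2]) << 16 | uint32_t(buf[pos + 3]) << 24);
    pos += 4;
    // Validate the untrusted size BEFORE allocating: non-negative, under the
    // cap, and no larger than the bytes actually left in the input.
    if (size < 0 || size_t(size) > kMaxAttrSize || size_t(size) > len - pos)
        return false;
    out.value.assign(buf + pos, buf + pos + size);
    pos += size_t(size);
    return true;
}

// Constructed samples: a valid 2-byte attribute, and one claiming ~2 GiB.
static const uint8_t kGood[] = {'a', 0, 't', 0, 2, 0, 0, 0, 0xAA, 0xBB};
static const uint8_t kHuge[] = {'a', 0, 't', 0, 0xFF, 0xFF, 0xFF, 0x7F, 0xAA};

bool acceptsGood() {
    size_t p = 0; Attribute a;
    return readAttribute(kGood, sizeof kGood, p, a) && a.value.size() == 2 && p == sizeof kGood;
}
bool rejectsHuge() {
    size_t p = 0; Attribute a;
    return !readAttribute(kHuge, sizeof kHuge, p, a) && a.value.empty();
}
```

Comparing the declared size against the bytes remaining in the input is the check that matters most; the fixed cap only bounds memory use for inputs that really are that large.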