OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions from 3.2.0 up to, but not including, 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows, and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
OpenEXR versions 3.2.0 through 3.2.6, 3.3.0 through 3.3.8, and 3.4.0 through 3.4.8 contain an integer overflow vulnerability in the DWA lossy decoder that causes pointer wraparound when processing large image widths. This allows attackers to write data outside allocated memory boundaries, potentially leading to denial of service or code execution.
OpenEXR contains an integer overflow vulnerability in the DWA decoder, where temporary block pointers are computed using signed 32-bit arithmetic. When processing images with a very large width, an overflow occurs that leads to data being written outside the allocated memory region.
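The overflow class described above, as an added example that is not OpenEXR's code: it contrasts a per-component offset computed in 32 bits with a checked `size_t` form that is also validated against the allocation size. The offset formula (component index × blocks per row × 64), the function names and the sample width are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK_COEFFS 64 /* assumption: coefficients per 8x8 block */

/* What signed 32-bit arithmetic yields for comp * blocks * 64. The product is
   formed in 64 bits and truncated by hand, so the wrap is visible without
   relying on undefined signed overflow. Assumes small non-negative inputs. */
static int32_t offset_i32(int32_t comp, int32_t width)
{
    int64_t blocks = ((int64_t)width + 7) / 8;
    int64_t low = (comp * blocks * BLOCK_COEFFS) & 0xFFFFFFFFLL;
    return (int32_t)(low > INT32_MAX ? low - 0x100000000LL : low);
}

/* Hardened form: size_t arithmetic, every multiply checked, and the result
   validated against the element count of the backing allocation. */
static bool offset_checked(size_t comp, size_t width, size_t alloc_elems,
                           size_t *out)
{
    if (width > SIZE_MAX - 7) return false;
    size_t blocks = (width + 7) / 8;
    if (blocks > SIZE_MAX / BLOCK_COEFFS) return false;
    size_t per_comp = blocks * BLOCK_COEFFS;
    if (comp != 0 && per_comp > SIZE_MAX / comp) return false;
    size_t off = comp * per_comp;
    if (off > alloc_elems || alloc_elems - off < per_comp) return false;
    *out = off;
    return true;
}

int main(void)
{
    int32_t width = 1 << 26; /* constructed width, large enough to wrap */
    for (int32_t comp = 0; comp < 5; comp++) {
        size_t off = 0;
        bool ok = offset_checked((size_t)comp, (size_t)width, 1u << 20, &off);
        printf("comp %d: 32-bit offset %ld, checked form %s\n", (int)comp,
               (long)offset_i32(comp, width), ok ? "accepts" : "rejects");
    }
    return 0;
}
```

With the constructed width, the 32-bit result turns negative at the fifth component, which is the wrapped value a later store would use as its pointer offset.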
Update OpenEXR to version 3.2.7, 3.3.9, 3.4.9 or later. Organizations using affected versions should immediately patch their systems and validate that all EXR processing tools are updated to the fixed versions.
Update OpenEXR to version 3.2.7, 3.3.9, 3.4.9, or later. Organizations using affected versions should apply the patch immediately and verify that all EXR processing tools have been updated.