What the vulnerability does

01Description

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.

Key dates

02Disclosure timeline

March 31, 2021 CVE published
August 3, 2024 Record updated