What the vulnerability does

01Description

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

Key dates

02Disclosure timeline

March 31, 2021 CVE published
August 3, 2024 Record updated