FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenEXR < 3.4.3 -- multiple vulnerabilities

Affected packages
openexr < 3.4.3

Details

VuXML ID c71a3914-ba96-11f0-aada-f59a8ea34d12
Discovery 2025-10-29
Entry 2025-11-05

Cary Phillips reports:

Patch release that addresses several bugs, primarily involving properly rejecting corrupt input data.

[source]

He goes on to report various relevant items including heap buffer overflows, use-after-free, use of uninitialized memory and other bugs, several of them found by OSS-fuzz, and some also found in OpenJPH.

References

URL https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.3

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.