OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3…

OpenEXR, an image storage format for the motion picture industry, contains an integer overflow vulnerability in ImageChannel::resize function. The vulnerability affects versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11. The integer overflow leads to heap out-of-bounds write via OpenEXRUtil public API. This vulnerability has been patched in versions 3.2.9, 3.3.11, and 3.4.11. The issue poses significant security risks as it allows memory corruption attacks through heap buffer overflow.