OpenEXR

A remote, anonymous attacker can exploit a vulnerability in Red Hat Enterprise Linux (openEXR) to execute arbitrary program code.

A heap out-of-bounds write vulnerability exists in OpenEXR's DWA lossy decoder due to integer overflow during block pointer calculation, triggered via crafted DWAA files, leading to crashes during DCT execution.

OpenEXR is vulnerable to a heap information disclosure in PXR24 decompression, where the undo_pxr24_impl function ignores the actual decompressed size, potentially leading to the exposure of uninitialized heap memory when processing crafted EXR files.