USN-5144-1: OpenEXR vulnerability
11 November 2021
OpenEXR could be made to crash or execute arbitrary code if it received a specially crafted EXR file.
Releases
Packages
- openexr - tools for the OpenEXR image format
Details
It was discovered that OpenEXR incorrectly handled certain EXR
image files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
Ubuntu 16.04
-
libopenexr22
-
2.2.0-10ubuntu2.6+esm2
Available with Ubuntu Pro
-
openexr
-
2.2.0-10ubuntu2.6+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5620-1: openexr, libopenexr-dev, libopenexr25, libopenexr24, openexr-doc