CVE-2021-20296

NULL Pointer Dereference in conan/openexr

Identifier

CVE-2021-20296

Package Slug

conan/openexr

Vulnerability

NULL Pointer Dereference

Description

A crafted input file supplied by an attacker that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Affected Versions

All versions before 2.5.4

Solution

Upgrade to version 2.5.4 or above.

Last Modified

2021-04-22

source