USN-5150-1: OpenEXR vulnerability
17 November 2021
OpenEXR could be made to crash if it opened a specially crafted file.
Releases
Packages
- openexr - tools for the OpenEXR image format
Details
It was discovered that OpenEXR incorrectly handled certain EXR image files.
An attacker could possibly use this issue to cause a crash.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
Ubuntu 16.04
-
libopenexr22
-
2.2.0-10ubuntu2.6+esm3
Available with Ubuntu Pro
-
openexr
-
2.2.0-10ubuntu2.6+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5620-1: openexr, openexr-doc, libopenexr24, libopenexr25, libopenexr-dev