Article Source Ubuntu Security Notices
September 14, 2009, 11:11 am
September 14, 2009, 11:11 am
Drew Yao discovered several flaws in the way OpenEXR handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1720, CVE-2009-1721)
It was discovered that OpenEXR did not properly handle certain malformed EXR image files…