Topics

OpenEXR v2.5.2 and v2.4.2 released

Cary Phillips
 

OpenEXR v2.5.2 and v2.4.2 have been released and are available for download at https://github.com/AcademySoftwareFoundation/openexr/releases.

OpenEXR v2.5.2 is a patch release with various bug/security and build/install fixes:
  • Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile()
  • Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize()
  • Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile()
  • OpenEXRConfig.h now correctly sets OPENEXR_PACKAGE_STRING to "OpenEXR" (rather than "IlmBase")
  • Various Windows build fixes
OpenEXR v2.4.2 is also a patch release that backports the bug fixes to v2.4:
  • Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile()
  • Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize()
  • Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile()
  • OpenEXRConfig.h now correctly sets OPENEXR_PACKAGE_STRING to "OpenEXR" (rather than "IlmBase")

--
Cary Phillips | R&D Supervisor | ILM | San Francisco