Resource Management Errors Affecting academysoftwarefoundation/openexr package, versions [,2.4.0-beta.1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.16% (53rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-ACADEMYSOFTWAREFOUNDATIONOPENEXR-2440420
  • published26 Jan 2022
  • disclosed17 Oct 2018
  • creditUnknown

Introduced: 17 Oct 2018

CVE-2018-18443  (opens in a new tab)
CWE-399  (opens in a new tab)

How to fix?

Upgrade academysoftwarefoundation/openexr to version 2.4.0-beta.1 or higher.

Overview

Affected versions of this package are vulnerable to Resource Management Errors. OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.

CVSS Base Scores

version 3.1