JLSEC-2026-129
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-129.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-129.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2026-129
- Upstream
- Published
- 2026-04-17T15:19:54.657Z
- Modified
- 2026-04-17T15:30:12.736204Z
- Summary
- [none]
- Details
-
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
- Database specific
{ "license": "CC-BY-4.0", "sources": [ { "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3605", "id": "CVE-2021-3605", "imported": "2026-04-17T13:59:24.207Z", "published": "2021-08-25T19:15:14.757Z", "modified": "2024-11-21T06:21:57.633Z", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3605", "database_specific": { "status": "Modified" } } ] }- References
-
- https://bugzilla.redhat.com/show_bug.cgi?id=1970991
- https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
- https://security.gentoo.org/glsa/202210-31
- https://www.debian.org/security/2022/dsa-5299
- https://bugzilla.redhat.com/show_bug.cgi?id=1970991
- https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
- https://security.gentoo.org/glsa/202210-31
- https://www.debian.org/security/2022/dsa-5299