Tree: 4f27f4fc38

af/UniformUnmanagedMemoryPoolMemoryAllocator-02-MemoryGuards

af/allocator-fun-1

af/ci-test-3.1.x

af/conversion-experiments

af/decoder-tests

af/fast-dev-hack

af/image-destroyer-01

af/langversion

af/merge-core

af/mmf-poc

af/octree-no-pixelmap

af/pbm-eof-01

af/prototyping-baseline

af/qhack03

arm

defect/2696

gh-pages

js/aligned-memory-experiments

js/color-alpha-handling

js/fix-2859

js/gif-lzw-encoder

js/sanitize-foreground-rectangle

main

proposal/Metadata-OriginalImageFormat

qoi

release/1.0.x

release/2.1.x

release/3.1.x

release/v3.0.x

sp/auto-matrix-linear-decomposition

sp/convolution-speedup-v2

sp/resize-map-optimizations

sp/target-image-decoding

sw/telemetry

sw/track-stacktraces

v4/2696

v1.0.0

v1.0.0-beta1

v1.0.0-beta2

v1.0.0-beta3

v1.0.0-beta4

v1.0.0-beta5

v1.0.0-beta6

v1.0.0-beta7

v1.0.0-rc.1

v1.0.0-rc.2

v1.0.0-rc.3

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v2.0.0

v2.1.0

v2.1.1

v2.1.10

v2.1.11

v2.1.12

v2.1.13

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.12

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v4.0.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from '4f27f4fc38'

${ noResults }

Commit Graph

1 Commits (4f27f4fc38c1a3bf7d7fbbdfb1ba74922cc2630d)

Author	SHA1	Message	Date
Sven Claesson	c795d81404	Fix integer overflow and bounds-checking vulnerabilities in EXR decoder (#3126) * Fix integer overflow and bounds-checking vulnerabilities in EXR decoder Use ulong arithmetic in CalculateBytesPerRow and block size calculations to prevent integer overflow. Add validation for DataWindow dimensions, block size limits, and row offsets outside stream bounds. * Harden EXR row offset validation * EXR: validate sizes, prevent overflows, dispose image --------- Co-authored-by: James Jackson-South <james_south@hotmail.com>	4 weeks ago