v2.4.3
Patch release for v2.4 that addresses the following security vulnerabilities:
- CVE-2021-20296 Segv on unknown address in Imf_2_5::hufUncompress - Null Pointer dereference (817)
- CVE-2021-3479 Out-of-memory in openexr_exrenvmap_fuzzer (830)
- CVE-2021-3478 Out-of-memory in openexr_exrcheck_fuzzer (863)
- CVE-2021-3477 Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (861)
- CVE-2021-3476 Undefined-shift in Imf_2_5::unpack14 (832)
- CVE-2021-3475 Integer-overflow in Imf_2_5::calculateNumTiles (825)
- CVE-2021-3474 Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder (818)
Also:
- 1013 Fixed regression in Imath::succf() and Imath::predf() when negative values are given