Launchpad.net

CVE 2018-12503

tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.

See the CVE page on Mitre.org for more details.