Site Navigation

Date:      Mon, 23 Feb 2026 00:22:36 +0000
From:      Daniel Engberg <diizzy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Cc:        Matthias Andree <mandree@FreeBSD.org>
Subject:   git: 78385925f602 - main - security/vuxml: Add openexr < 3.4.5
Message-ID:  <699b9dcc.3c91c.6888aba9@gitrepo.freebsd.org>

---

index | next in thread | raw e-mail

---

The branch main has been updated by diizzy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=78385925f602b550e90a1171f846d1939da22b86

commit 78385925f602b550e90a1171f846d1939da22b86
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2026-02-22 10:57:04 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2026-02-23 00:22:11 +0000

    security/vuxml: Add openexr < 3.4.5
    
    Security:       716d25a6-0fdc-11f1-bfdf-ff9355aecb00
---
 security/vuxml/vuln/2026.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 45e5491807a5..9d3a1d3c3276 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,30 @@
+  <vuln vid="716d25a6-0fdc-11f1-bfdf-ff9355aecb00">
+    <topic>openexr -- buffer overflow in istream_nonparallel_read on invalid input data</topic>
+    <affects>
+      <package>
+	<name>openexr</name>
+	<range><lt>3.3.7</lt></range>
+	<range><ge>3.4.0</ge><lt>3.4.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Cary Phillips reports:</p>
+	<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.5">;
+	  <p>[openexr] v3.4.5 [...] fixes an incorrect size check in istream_nonparallel_read that could lead to a buffer overflow on invalid input data.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.5</url>;
+      <url>https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef</url>;
+    </references>
+    <dates>
+      <discovery>2026-02-16</discovery>
+      <entry>2026-02-22</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="428e782a-0e92-11f1-a9b1-0cc47ada5f32">
     <topic>jenkins -- multiple vulnerabilities</topic>
     <affects>

home | help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?699b9dcc.3c91c.6888aba9>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact