CVE-2018-12064
Description
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
Patches (2)
Vulnerability mechanics
Root cause
"A heap-based buffer over-read occurs in the `tinyexr::ReadChannelInfo` function due to incorrect size calculations when processing EXR file data."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted EXR file to the tinyexr library. The vulnerability is triggered during the parsing of the EXR header, specifically when the `tinyexr::ReadChannelInfo` function attempts to read channel information. This leads to an out-of-bounds read from the heap.
Affected code
The vulnerability resides in the `tinyexr::ReadChannelInfo` function within the `tinyexr.h` file, specifically at line 7320. The issue is also present in related parsing functions like `tinyexr::ParseEXRHeader` and `tinyexr::ParseEXRHeaderFromMemory` which call `ReadChannelInfo`.
What the fix does
The patch addresses the heap-based buffer over-read by ensuring that the size of data read for channel information does not exceed the allocated buffer. Specifically, it corrects the calculation of the size to be read, preventing the out-of-bounds access that caused the crash. This ensures that the program handles EXR file data more safely and avoids memory corruption.
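As an added example (not tinyexr's own code), the following is a length-checked reader for the EXR header's channel list, the data that `ReadChannelInfo` parses; it treats a short or unterminated list as an error instead of reading past the buffer. The entry layout follows the OpenEXR specification; the struct, function names and sample bytes are constructed for this illustration.

```c
#include <stdint.h>
#include <string.h>

/* One entry of the EXR "channels" attribute (OpenEXR spec): NUL-terminated name,
 * then 16 fixed bytes: int32 pixel type, uint8 pLinear, 3 reserved, int32 xSampling,
 * int32 ySampling. A lone NUL byte ends the list. */
#define FIXED_BYTES 16
typedef struct {
    char name[32];
    int32_t pixel_type, x_sampling, y_sampling;
    uint8_t p_linear;
} ChannelInfo;
static int32_t read_le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Parses up to `max` channels from `len` bytes. Returns the channel count, or -1 if
 * the list is truncated or malformed: every access is checked against `len` first. */
int read_channel_info(const uint8_t *data, size_t len, ChannelInfo *out, int max) {
    size_t pos = 0;
    int n = 0;
    for (;;) {
        if (pos >= len) return -1;                   /* no end-of-list NUL */
        if (data[pos] == 0) return n;                /* end-of-list marker */
        if (n >= max) return -1;
        const uint8_t *nul = memchr(data + pos, 0, len - pos); /* bounded scan */
        if (nul == NULL) return -1;                  /* name runs off the end */
        size_t name_len = (size_t)(nul - (data + pos));
        if (name_len >= sizeof out[0].name) return -1;
        size_t fixed = (size_t)(nul - data) + 1;     /* first byte after name */
        if (len - fixed < FIXED_BYTES) return -1;    /* fixed fields must fit */
        memcpy(out[n].name, data + pos, name_len);
        out[n].name[name_len] = '\0';
        out[n].pixel_type = read_le32(data + fixed);
        out[n].p_linear   = data[fixed + 4];
        out[n].x_sampling = read_le32(data + fixed + 8);
        out[n].y_sampling = read_le32(data + fixed + 12);
        pos = fixed + FIXED_BYTES;
        n++;
    }
}

/* Constructed sample: "R" and "G", pixel type 2 (FLOAT), 1x1 sampling, then end NUL. */
static const uint8_t SAMPLE[] = {
    'R', 0, 2,0,0,0, 0, 0,0,0, 1,0,0,0, 1,0,0,0,
    'G', 0, 2,0,0,0, 0, 0,0,0, 1,0,0,0, 1,0,0,0, 0 };
int parse_sample(size_t len) {   /* len < sizeof SAMPLE models a truncated file */
    ChannelInfo ch[4];
    return read_channel_info(SAMPLE, len, ch, 4);
}
```

Feeding the full sample yields two channels; cutting the buffer anywhere inside a name, inside the fixed fields, or before the terminating NUL returns -1 rather than touching bytes beyond `len`.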
Preconditions
- Input: the target application must process an EXR file.
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. github.com/ChijinZ/security_advisories/tree/master/tinyexr_7953aea (MITRE, x_refsource_MISC)