CVE-2018-12503
Description
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products: 2
Patches
Vulnerability mechanics
Root cause
"A heap-based buffer over-read occurs in the LoadEXRImageFromMemory function when processing EXR image data."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted EXR image file to the LoadEXRImageFromMemory function. The vulnerability is triggered during the processing of this malformed image data, leading to a heap-based buffer over-read. This can occur when the `test_tinyexr` utility is used with a malicious test case file [ref_id=1].
Affected code
The vulnerability is located in the `LoadEXRImageFromMemory` function within the `tinyexr.h` file. The issue is specifically triggered at line 10925, column 5, during the processing of EXR image data [ref_id=1].
What the fix does
The provided bundle does not contain information about a patch or specific remediation steps. The advisory indicates that the vulnerability exists in tinyexr version 0.9.5 and earlier, with the latest commit being on June 13, 2018 [ref_id=1]. Further details on the fix are not available in the provided documentation.
Preconditions
- input: The application must process an EXR image file.
- input: The EXR image file must be malformed in a way that triggers the heap-based buffer over-read.
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/ChijinZ/security_advisories/tree/master/tinyexr_b53a457 (mitre, x_refsource_MISC)
- github.com/syoyo/tinyexr/issues/81 (mitre, x_refsource_MISC)