CVE-2018-12504
Description
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
Root cause
"An assertion failure occurs in `ComputeChannelLayout` due to improper handling of EXR image data."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted EXR file to the `tinyexr` library. The `LoadEXRImageFromFile` function, when processing this malicious input, leads to an assertion failure in `tinyexr::ComputeChannelLayout` [ref_id=1]. This assertion failure is triggered during the processing of the EXR file's channel layout information.
Affected code
The vulnerability resides in the `ComputeChannelLayout` function within the `tinyexr.h` file. Specifically, the assertion `0' failed` is triggered at line 10195 when processing EXR files [ref_id=1]. The call stack indicates that this function is invoked by `LoadEXR` and subsequently `LoadEXRImageFromFile` [ref_id=1].
What the fix does
The provided bundle does not contain a patch. The advisory indicates that the vulnerability is an assertion failure in `tinyexr::ComputeChannelLayout` when processing a malformed EXR file [ref_id=1]. Users are advised to update to a version of the library that addresses this issue, though specific patch details are not available in the bundle.
Preconditions
- inputThe target system must process an EXR file.
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- github.com/ChijinZ/security_advisories/tree/master/tinyexr_b53a457mitrex_refsource_MISC
- github.com/syoyo/tinyexr/issues/82mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.