CVE-2018-18443

MEDIUM

ILM Openexr - Resource Leak

Title source: rule

Description

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.

References (4)

[Exploit, Third Party Advisory] https://github.com/openexr/openexr/issues/350

[Release Notes] https://github.com/openexr/openexr/releases/tag/v2.4.0

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZN7WUH3SR6DSRODRB4SLFTBKP74FVC5/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5E2OZU4ZSF5W4ODBU4L547HX5A4WOBFV/

Scores

CVSS v3 4.3

EPSS 0.0036

EPSS Percentile 58.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Details

CWE

CWE-772

Status published

Products (1)

ilm/openexr 2.3.0

Published Oct 17, 2018

Tracked Since Feb 18, 2026