{"id":"JLSEC-2026-128","details":"There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.","modified":"2026-04-17T15:30:20.392213Z","published":"2026-04-17T15:19:54.657Z","upstream":["CVE-2021-3598"],"database_specific":{"license":"CC-BY-4.0","sources":[{"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3598","imported":"2026-04-17T13:59:24.198Z","published":"2021-07-06T15:15:07.800Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3598","modified":"2024-11-21T06:21:56.233Z","id":"CVE-2021-3598","database_specific":{"status":"Modified"}}]},"references":[{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970987"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202210-31"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5299"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970987"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202210-31"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5299"}],"affected":[{"package":{"name":"OpenEXR_jll","ecosystem":"Julia","purl":"pkg:julia/OpenEXR_jll?uuid=18a262bb-aa17-5467-a713-aee519bc75cb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.1.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-128.json"}}],"schema_version":"1.7.5"}