JLSEC-2026-132

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-132.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-132.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-132
Upstream
Published
2026-04-17T15:19:54.657Z
Modified
2026-04-17T15:30:37.266094Z
Summary
[none]
Details

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute (called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "modified": "2024-11-21T06:33:19.397Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45942",
            "published": "2022-01-01T01:15:09.043Z",
            "database_specific": {
                "status": "Modified"
            },
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-45942",
            "imported": "2026-04-17T13:59:24.216Z",
            "id": "CVE-2021-45942"
        }
    ]
}
References

Affected packages

Julia / OpenEXR_jll

Package

Name
OpenEXR_jll
Purl
pkg:julia/OpenEXR_jll?uuid=18a262bb-aa17-5467-a713-aee519bc75cb

Affected ranges

Type
SEMVER
Events
Introduced
3.1.1+0
Fixed
3.2.4+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-132.json"