An update that fixes three vulnerabilities is now available.
This update for openexr fixes the following issues:
- CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466). - CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467). - CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469).
This update was imported from the SUSE:SLE-15:Update update project.
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: