[ASA-202107-14] openexr: arbitrary code execution
Arch Linux Security Advisory ASA-202107-14
==========================================

Severity: Medium
Date    : 2021-07-06
CVE-ID  : CVE-2021-3598
Package : openexr
Type    : arbitrary code execution
Remote  : Yes
Link    :

Summary
=======

The package openexr before version 3.0.5-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 3.0.5-1.

# pacman -Syu "openexr>=3.0.5-1"

The problem has been fixed upstream in version 3.0.5.

Workaround
==========

None.

Description
===========

A heap-buffer overflow was found in the readChars function of OpenEXR
before version 3.0.5. An attacker could use this flaw to execute
arbitrary code with the permissions of the user running the application
compiled against OpenEXR.

Impact
======

An attacker could execute arbitrary code through a crafted EXR image
file.

References
==========