In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.
2.35-22.35-2build12.35-32.35-3build12.35-42.37-10.9.1-3ubuntu10.160-0ubuntu13.0.11.20140816.dfsg1-1ubuntu43.0.12.20150725.dfgs1-2ubuntu13.0.12.20160126.dfsg1-1ubuntu11.0.3+repack1+git20150625-1build11.0.3+repack1+git20150806-11.0.3+repack1+git20151103-11.0.3+repack1+git20151103-1build11.0.3+repack1+git20151124-12.41-2build12.41-32.41-40.7.1-20.7.2-10.9.1-4ubuntu13.0.14.20170103+git6-g605ff5c.dfsg1-1build15.9.1+dfsg-45.9.1+dfsg-4ubuntu15.9.2+dfsg-2ubuntu15.9.3+dfsg-0ubuntu15.9.4+dfsg-0ubuntu15.9.5+dfsg-0ubuntu2Exploitability
AV:NAC:LPR:NUI:RScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H