Several vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1720 Drew Yao discovered integer overflows in the preview and compression code. CVE-2009-1721 Drew Yao discovered that an uninitialised pointer could be freed in the decompression code. CVE-2009-1722 A buffer overflow was discovered in the compression code. For the old stable distribution , these problems have been fixed in version 1.2.2-4.3+etch2. For the stable distribution , these problems have been fixed in version 1.6.1-3+lenny3. For the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your openexr packages.