Fix freeing uninitialized pointers in Imf::hufUncompress, CVE-2009-1721. --- a/IlmImf/ImfAutoArray.h +++ b/IlmImf/ImfAutoArray.h @@ -57,7 +57,7 @@ namespace Imf { { public: - AutoArray (): _data (new T [size]) {} + AutoArray (): _data (new T [size]) {memset(_data, 0, size * sizeof(T));} ~AutoArray () {delete [] _data;} operator T * () {return _data;}