Another:

CVE-2021-20296	01.04.21 16:15
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted
input file supplied by an attacker, that is processed by the Dwa
decompression functionality of OpenEXR's IlmImf library, could cause a
NULL pointer dereference. The highest threat from this vulnerability is
to system availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a