Description
Security update for openexr
This update for openexr fixes the following issues:
- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfo
- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode
Package list
Container containers/open-webui:0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
References
- Link for SUSE-SU-2021:2793-1
- E-Mail link for SUSE-SU-2021:2793-1
- SUSE Security Ratings
- SUSE Bug 1188457
- SUSE Bug 1188458
- SUSE Bug 1188459
- SUSE Bug 1188460
- SUSE Bug 1188461
- SUSE Bug 1188462
- SUSE CVE CVE-2021-20298 page
- SUSE CVE CVE-2021-20299 page
- SUSE CVE CVE-2021-20300 page
- SUSE CVE CVE-2021-20302 page
- SUSE CVE CVE-2021-20303 page
- SUSE CVE CVE-2021-20304 page
- SUSE CVE CVE-2021-3476 page
Description
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20298
- SUSE Bug 1188460
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20299
- SUSE Bug 1188459
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20300
- SUSE Bug 1188458
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20302
- SUSE Bug 1188462
- SUSE Bug 1191176
Description
A flaw was found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
Affected products
References
- CVE-2021-20303
- SUSE Bug 1188457
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20304
- SUSE Bug 1188461
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
Affected products
References
- CVE-2021-3476
- SUSE Bug 1184172