Description
Security update for openexr
This update for openexr fixes the following issues:
- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator
- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress
- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot
- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode
Package list
HPE Helion OpenStack 8
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
References
- Link for SUSE-SU-2021:2913-1
- E-Mail link for SUSE-SU-2021:2913-1
- SUSE Security Ratings
- SUSE Bug 1188457
- SUSE Bug 1188458
- SUSE Bug 1188459
- SUSE Bug 1188460
- SUSE Bug 1188461
- SUSE Bug 1188462
- SUSE CVE CVE-2021-20298 page
- SUSE CVE CVE-2021-20299 page
- SUSE CVE CVE-2021-20300 page
- SUSE CVE CVE-2021-20302 page
- SUSE CVE CVE-2021-20303 page
- SUSE CVE CVE-2021-20304 page
- SUSE CVE CVE-2021-3476 page
Description
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20298
- SUSE Bug 1188460
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20299
- SUSE Bug 1188459
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20300
- SUSE Bug 1188458
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20302
- SUSE Bug 1188462
- SUSE Bug 1191176
Description
A flaw was found in the function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
Affected products
References
- CVE-2021-20303
- SUSE Bug 1188457
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20304
- SUSE Bug 1188461
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
Affected products
References
- CVE-2021-3476
- SUSE Bug 1184172