Описание
Security update for openexr
This update for openexr fixes the following issues:
- CVE-2021-3477: Fixed Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353).
- CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556).
- CVE-2021-3933: Fixed integer-overflow in Imf_3_1:bytesPerDeepLineTable (bsc#1192498).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
Ссылки
- Link for SUSE-SU-2021:3843-1
- E-Mail link for SUSE-SU-2021:3843-1
- SUSE Security Ratings
- SUSE Bug 1184353
- SUSE Bug 1192498
- SUSE Bug 1192556
- SUSE CVE CVE-2021-3477 page
- SUSE CVE CVE-2021-3933 page
- SUSE CVE CVE-2021-3941 page
Описание
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
Затронутые продукты
Ссылки
- CVE-2021-3477
- SUSE Bug 1184353
- SUSE Bug 1184354
Описание
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
Затронутые продукты
Ссылки
- CVE-2021-3933
- SUSE Bug 1192498
Описание
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
Затронутые продукты
Ссылки
- CVE-2021-3941
- SUSE Bug 1192556