SUSE-SU-2021:3844-1

Published: 01 Dec 2021
Source: suse-cvrf

Description

Security update for openexr

This update for openexr fixes the following issues:

  • CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556).
  • CVE-2021-3933: Fixed integer-overflow in Imf_3_1:bytesPerDeepLineTable (bsc#1192498).

Package list

Container containers/open-webui:0
  • libIlmImf-2_2-23-2.2.1-3.38.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
  • libIlmImf-2_2-23-2.2.1-3.38.1
  • libIlmImfUtil-2_2-23-2.2.1-3.38.1
  • openexr-devel-2.2.1-3.38.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
  • libIlmImf-2_2-23-2.2.1-3.38.1
  • libIlmImfUtil-2_2-23-2.2.1-3.38.1
  • openexr-devel-2.2.1-3.38.1

Description

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.


Affected products
Container containers/open-webui:0:libIlmImf-2_2-23-2.2.1-3.38.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.38.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.38.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.38.1


Description

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
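
The divisor checks this description calls for, as an added C example; it is not OpenEXR's code or the upstream patch. The types, the function names, the expression used for `d` and the full numerator of the red scale factor are assumptions, since the page quotes only fragments of the routine.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for the chromaticity data; not OpenEXR's own types. */
typedef struct { float x, y; } xy_t;
typedef struct { xy_t red, green, blue, white; } chroma_t;

/* Divide only when the divisor is non-zero and the quotient is finite. */
static bool checked_div(float num, float den, float *out)
{
    if (den == 0.0f || !isfinite(num) || !isfinite(den))
        return false;
    float q = num / den;
    if (!isfinite(q))
        return false;
    *out = q;
    return true;
}

/* White point X, Z and red scale Sr for luminance Y; false on a bad divisor. */
bool rgb_to_xyz_scales(const chroma_t *c, float Y, float *X, float *Z, float *Sr)
{
    if (!checked_div(c->white.x * Y, c->white.y, X) ||
        !checked_div((1 - c->white.x - c->white.y) * Y, c->white.y, Z))
        return false;
    /* Assumed form of d: it is zero when the three primaries are collinear. */
    float d = c->red.x   * (c->blue.y  - c->green.y) +
              c->blue.x  * (c->green.y - c->red.y) +
              c->green.x * (c->red.y   - c->blue.y);
    float num = *X * (c->blue.y - c->green.y) -
                c->green.x * (Y * (c->blue.y - 1) + c->blue.y * (*X + *Z)) +
                c->blue.x  * (Y * (c->green.y - 1) + c->green.y * (*X + *Z));
    return checked_div(num, d, Sr);
}

int main(void)
{
    /* Constructed inputs: Rec. 709 primaries, then a header with white.y == 0. */
    chroma_t good = {{0.64f, 0.33f}, {0.30f, 0.60f}, {0.15f, 0.06f}, {0.3127f, 0.3290f}};
    chroma_t bad = good;
    bad.white.y = 0.0f;
    float X, Z, Sr;
    if (rgb_to_xyz_scales(&good, 1.0f, &X, &Z, &Sr))
        printf("ok: X=%f Z=%f Sr=%f\n", X, Z, Sr);
    if (!rgb_to_xyz_scales(&bad, 1.0f, &X, &Z, &Sr))
        printf("rejected: zero divisor in chromaticities\n");
    return 0;
}
```

A caller that gets `false` should treat the file's chromaticities attribute as invalid and stop processing it rather than substitute a default silently.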


Affected products
Container containers/open-webui:0:libIlmImf-2_2-23-2.2.1-3.38.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImf-2_2-23-2.2.1-3.38.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libIlmImfUtil-2_2-23-2.2.1-3.38.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:openexr-devel-2.2.1-3.38.1
