openSUSE-SU-2021:0670-1

Published: 05 May 2021
Source: suse-cvrf

Description

Security update for openexr

This update for openexr fixes the following issues:

  • CVE-2021-23215: Fixed an integer overflow in Imf_2_5::DwaCompressor::initializeBuffers (bsc#1185216).
  • CVE-2021-26260: Fixed an integer overflow in Imf_2_5::DwaCompressor::initializeBuffers (bsc#1185217).
  • CVE-2021-20296: Fixed a NULL pointer dereference in Imf_2_5::hufUncompress (bsc#1184355).
  • CVE-2021-3477: Fixed a heap buffer overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353).
  • CVE-2021-3479: Fixed an out-of-memory condition caused by allocation of a very large buffer (bsc#1184354).

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.2
libIlmImf-2_2-23-2.2.1-lp152.7.14.1
libIlmImf-2_2-23-32bit-2.2.1-lp152.7.14.1
libIlmImfUtil-2_2-23-2.2.1-lp152.7.14.1
libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.14.1
openexr-2.2.1-lp152.7.14.1
openexr-devel-2.2.1-lp152.7.14.1
openexr-doc-2.2.1-lp152.7.14.1

Description

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.


Affected products
openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.14.1

Description

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.


Affected products
openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.14.1

Description

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.


Affected products
openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.14.1

Description

There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.


Affected products
openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.14.1

Description

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.


Affected products
openSUSE Leap 15.2:libIlmImf-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImf-2_2-23-32bit-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-2.2.1-lp152.7.14.1
openSUSE Leap 15.2:libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.14.1
