Description
Security update for openexr
This update for openexr fixes the following issues:
- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5::Header::operator
- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5::hufUncompress
- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5::precalculateTileInfo
- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5::hufDecode
Package list
openSUSE Leap 15.3
References
- E-Mail link for openSUSE-SU-2021:2793-1
- SUSE Security Ratings
- SUSE Bug 1188457
- SUSE Bug 1188458
- SUSE Bug 1188459
- SUSE Bug 1188460
- SUSE Bug 1188461
- SUSE Bug 1188462
- SUSE CVE CVE-2021-20298 page
- SUSE CVE CVE-2021-20299 page
- SUSE CVE CVE-2021-20300 page
- SUSE CVE CVE-2021-20302 page
- SUSE CVE CVE-2021-20303 page
- SUSE CVE CVE-2021-20304 page
- SUSE CVE CVE-2021-3476 page
Description
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20298
- SUSE Bug 1188460
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20299
- SUSE Bug 1188459
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20300
- SUSE Bug 1188458
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20302
- SUSE Bug 1188462
- SUSE Bug 1191176
Description
A flaw was found in the function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
Affected products
References
- CVE-2021-20303
- SUSE Bug 1188457
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20304
- SUSE Bug 1188461
- SUSE Bug 1191176
Description
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
Affected products
References
- CVE-2021-3476
- SUSE Bug 1184172