Description
Security update for openexr
This update for openexr fixes the following issues:
- CVE-2025-64181: Fixed use of uninitialized memory in function generic_unpack() (bsc#1253233)
Package list
openSUSE Leap 16.0
libIex-3_2-31-3.2.2-160000.3.1
libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1
libIlmThread-3_2-31-3.2.2-160000.3.1
libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1
libOpenEXR-3_2-31-3.2.2-160000.3.1
libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1
libOpenEXRCore-3_2-31-3.2.2-160000.3.1
libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1
libOpenEXRUtil-3_2-31-3.2.2-160000.3.1
libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1
openexr-3.2.2-160000.3.1
openexr-devel-3.2.2-160000.3.1
openexr-doc-3.2.2-160000.3.1
References
- SUSE Security Ratings
- SUSE Bug 1253233
- SUSE CVE CVE-2025-64181 page
Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.
Affected products
openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.3.1
openSUSE Leap 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1
openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.3.1
openSUSE Leap 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1
References
- CVE-2025-64181
- SUSE Bug 1253233