Package: openexr Version: 2.3.0-6 Severity: grave Tags: security upstream Justification: user security hole
Hi, The following vulnerabilities were published for openexr, all are fixed in 2.4.1. CVE-2020-11758[0]: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds read in ImfOptimizedPixelReading.h. CVE-2020-11759[1]: | An issue was discovered in OpenEXR before 2.4.1. Because of integer | overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and | readSampleCountForLineBlock, an attacker can write to an out-of-bounds | pointer. CVE-2020-11760[2]: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. CVE-2020-11761[3]: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds read during Huffman uncompression, as demonstrated by | FastHufDecoder::refill in ImfFastHuf.cpp. CVE-2020-11762[4]: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds read and write in DwaCompressor::uncompress in | ImfDwaCompressor.cpp when handling the UNKNOWN compression case. CVE-2020-11763[5]: | An issue was discovered in OpenEXR before 2.4.1. There is an | std::vector out-of-bounds read and write, as demonstrated by | ImfTileOffsets.cpp. CVE-2020-11764[6]: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds write in copyIntoFrameBuffer in ImfMisc.cpp. CVE-2020-11765[7]: | An issue was discovered in OpenEXR before 2.4.1. There is an off-by- | one error in use of the ImfXdr.h read function by | DwaCompressor::Classifier::Classifier, leading to an out-of-bounds | read. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-11758 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11758 [1] https://security-tracker.debian.org/tracker/CVE-2020-11759 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11759 [2] https://security-tracker.debian.org/tracker/CVE-2020-11760 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11760 [3] https://security-tracker.debian.org/tracker/CVE-2020-11761 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11761 [4] https://security-tracker.debian.org/tracker/CVE-2020-11762 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11762 [5] https://security-tracker.debian.org/tracker/CVE-2020-11763 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11763 [6] https://security-tracker.debian.org/tracker/CVE-2020-11764 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11764 [7] https://security-tracker.debian.org/tracker/CVE-2020-11765 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11765 [8] https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 Regards, Salvatore
