Bug 52111 – (ES 4.3) openexr

Bug 52111 - (ES 4.3) openexr


Summary:	(ES 4.3) openexr

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.3
Hardware:	All other

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Quality Assurance
QA Contact:	Felix Botner

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2020-09-20 21:56 CEST by Erik Damrose
Modified:	2020-11-30 12:40 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Erik Damrose

2020-09-20 21:56:44 CEST

Provide openexr version 2.2.0-11+deb9u1 for UCS 4.3
First imported at bug #51931

This update addresses the following issues:
* Out-of-bounds read in the hufDecode function (CVE-2017-9110)
* Out-of-bounds write in the storeSSE function (CVE-2017-9111)
* Out-of-bounds read in the getBits function (CVE-2017-9112)
* Out-of-bounds write in the bufferedReadPixels function (CVE-2017-9113)
* Out-of-bounds read in the refill function (CVE-2017-9114)
* Out-of-bounds write in the = operator function (CVE-2017-9115)
* Out-of-bounds read in the uncompress function (CVE-2017-9116)
* heap-based buffer over-read in hufDecode function (CVE-2017-12596)
* out-of-bounds read in ImfOptimizedPixelReading.h (CVE-2020-11758)
* out-of-bounds write due to integer overflows in
  CompositeDeepScanLine::Data::handleDeepFrameBuffer and
  readSampleCountForLineBlock (CVE-2020-11759)
* out-of-bounds read during RLE uncompression in rleUncompress function in
  ImfRle.cpp (CVE-2020-11760)
* out-of-bounds read during Huffman uncompression (CVE-2020-11761)
* out-of-bounds read and write in DwaCompressor::uncompress in
  ImfDwaCompressor.cpp (CVE-2020-11762)
* std::vector out-of-bounds read and write in ImfTileOffsets.cpp
  (CVE-2020-11763)
* out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp
  (CVE-2020-11764)
* off-by-one error in ImfXdr.h read function by
  DwaCompressor::Classifier::Classifier leading to an out-of-bounds read
  (CVE-2020-11765)
* Invalid input could cause a use-after-free in
  DeepScanLineInputFile::DeepScanLineInputFile() in
  IlmImf/ImfDeepScanLineInputFile.cpp (CVE-2020-15305)
* Invalid chunkCount attributes could cause a heap buffer overflow in
  getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp (CVE-2020-15306)

Comment 1 Felix Botner

2020-11-19 14:46:51 CET

openexr:
  Installiert:           2.2.0-11+deb9u1
  Installationskandidat: 2.2.0-11+deb9u1
  Versionstabelle:
 *** 2.2.0-11+deb9u1 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages

Comment 2 Erik Damrose

2020-11-30 12:40:02 CET

CLOSED: Released as extsec4.3 update