Univention Bugzilla – Bug 51931
openexr: Multiple issues (4.4)
Last modified: 2020-09-02 11:40:09 CEST
New Debian openexr 2.2.0-11+deb9u1 fixes: This update addresses the following issues: * Out-of-bounds read in the hufDecode function (CVE-2017-9110) * Out-of-bounds write in the storeSSE function (CVE-2017-9111) * Out-of-bounds read in the getBits function (CVE-2017-9112) * Out-of-bounds write in the bufferedReadPixels function (CVE-2017-9113) * Out-of-bounds read in the refill function (CVE-2017-9114) * Out-of-bounds write in the = operator function (CVE-2017-9115) * Out-of-bounds read in the uncompress function (CVE-2017-9116) * heap-based buffer over-read in hufDecode function (CVE-2017-12596) * out-of-bounds read in ImfOptimizedPixelReading.h (CVE-2020-11758) * out-of-bounds write due to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock (CVE-2020-11759) * out-of-bounds read during RLE uncompression in rleUncompress function in ImfRle.cpp (CVE-2020-11760) * out-of-bounds read during Huffman uncompression (CVE-2020-11761) * out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp (CVE-2020-11762) * std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763) * out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764) * off-by-one error in ImfXdr.h read function by DwaCompressor::Classifier::Classifier leading to an out-of-bounds read (CVE-2020-11765) * Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp (CVE-2020-15305) * Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp (CVE-2020-15306)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/openexr_2.2.0-11.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/openexr_2.2.0-11+deb9u1.dsc @@ -1,3 +1,15 @@ +2.2.0-11+deb9u1 [Sun, 30 Aug 2020 20:26:04 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2017-9110, CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, + CVE-2017-9114, CVE-2017-9115, CVE-2017-9116, CVE-2017-12596, + CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, + CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765, + CVE-2020-15305, CVE-2020-15306: + Various security issues which could result in denial of service + and potentially the execution of arbitrary code when processing + malformed EXR image files. + 2.2.0-11 [Tue, 19 Jul 2016 08:53:26 +0200] Mathieu Malaterre <malat@debian.org>: * Remove symbols files. Closes: #807079 <http://10.200.17.11/4.4-5/#3509767328429911568>
OK: yaml OK: announce_errata OK: patch FAIL: piuparts Not a major issue: openexr-doc leaves files on system after purge. [4.4-5] dbb1f01005 Bug #51931: openexr 2.2.0-11+deb9u1 doc/errata/staging/openexr.yaml | 57 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x731>