Univention Bugzilla – Bug 53544
openexr: Multiple issues (4.4)
Last modified: 2021-07-07 16:34:08 CEST
New Debian openexr 2.2.0-11+deb9u3 fixes: This update addresses the following issues:

* A heap-based buffer overflow in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp could result in a DOS via a crafted EXR file (CVE-2020-16587)
* Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder (CVE-2021-3474)
* Integer-overflow in Imf_2_5::calculateNumTiles (CVE-2021-3475)
* Undefined-shift in Imf_2_5::unpack14 (CVE-2021-3476)
* Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (CVE-2021-3477)
* Out-of-memory in ScanLineInputFile (CVE-2021-3478)
* Out-of-memory caused by allocation of a very large buffer (CVE-2021-3479)
* Heap buffer overflow in Imf_3_1::CharPtrIO::readChars (CVE-2021-3598)
* Segv on unknown address in Imf_2_5::hufUncompress - Null Pointer dereference (CVE-2021-20296)
* Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers (CVE-2021-23215)
* Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers (CVE-2021-26260)
--- mirror/ftp/4.4/unmaintained/4.4-8/source/openexr_2.2.0-11+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/openexr_2.2.0-11+deb9u3.dsc 
@@ -1,3 +1,41 @@ +2.2.0-11+deb9u3 [Sat, 03 Jul 2021 17:57:41 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Remove unused (non-security) patches. + * Rename security patches for clarity. + * CVE-2020-16587: A heap-based buffer overflow vulnerability exists in + chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause + a denial of service via a crafted EXR file. + * CVE-2021-3474: a crafted input file that is processed by OpenEXR could + cause a shift overflow in the FastHufDecoder, potentially leading to + problems with application availability. + * CVE-2021-3475: an attacker who can submit a crafted file to be + processed by OpenEXR could cause an integer overflow, potentially + leading to problems with application availability. + * CVE-2021-3476: a flaw was found in OpenEXR's B44 uncompression + functionality. An attacker who is able to submit a crafted file to + OpenEXR could trigger shift overflows, potentially affecting + application availability. + * CVE-2021-3477: flaw indeep tile sample size calculations. An attacker + who is able to submit a crafted file could trigger an integer + overflow, subsequently leading to an out-of-bounds read. + * CVE-2021-3478: flaw in scanline input file functionality. An attacker + able to submit a crafted file could consume excessive system memory. + * CVE-2021-3479: flaw in Scanline API. An attacker who is able to submit + a crafted file could trigger excessive consumption of memory, + resulting in an impact to system availability. + * CVE-2021-3598: read heap-buffer-overflow in Imf_3_1::CharPtrIO::readChars + * CVE-2021-20296: a crafted input file supplied by an attacker, that is + processed by the Dwa decompression functionality, could cause a NULL + pointer dereference. + * CVE-2021-23215: an integer overflow leading to a heap-buffer overflow + was found in the DwaCompressor. An attacker could use this flaw to + crash an application compiled with OpenEXR. 
+ * CVE-2021-26260: an integer overflow leading to a heap-buffer overflow + was found in the DwaCompressor. An attacker could use this flaw to + crash an application compiled with OpenEXR. This is a different flaw + from CVE-2021-23215. + 2.2.0-11+deb9u2 [Sun, 13 Dec 2020 15:17:50 +0000] Chris Lamb <lamby@debian.org>: * CVE-2020-16588: Prevent a null-pointer deference issue in generatePreview. <http://piuparts.knut.univention.de/4.4-8/#3509767328432076618>
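Review bot: the CVE-2021-3598 entry ("read heap-buffer-overflow in Imf_3_1::CharPtrIO::readChars") is the only one in this hunk that does not state the trigger and the consequence the way the other entries do; for consistency, phrase it like its neighbours, e.g. "a crafted EXR file could cause an out-of-bounds read in CharPtrIO::readChars, potentially affecting application availability". The Imf_3_1 namespace in that entry is the upstream 3.1 location of the function, not the namespace of this 2.2.0-11+deb9u3 package, so either drop the prefix or say it is the upstream report location to avoid a version mismatch for readers. Minor: "flaw indeep tile sample size calculations" in the CVE-2021-3477 entry should read "flaw in deep tile sample size calculations".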
OK: yaml
OK: announce_errata
OK: patch
FAIL: piuparts

[4.4-8] 5f87360960 Bug #53544: openexr 2.2.0-11+deb9u3
 doc/errata/staging/openexr.yaml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
(In reply to Erik Damrose from comment #2)
> FAIL: piuparts

OK for release; after removal of package openexr-doc, some files are left behind with no owner below /var/lib/doc-base/info.
<https://errata.software-univention.de/#/?erratum=4.4x1005>