From: "Léo Le Bouter via Bug reports for GNU Guix" <bug-guix@gnu.org>
To: 47509@debbugs.gnu.org
Subject: bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
Date: Thu, 01 Apr 2021 15:26:24 +0200 [thread overview]
Message-ID: <39ed8eb5a4a1accb3cc1e3fe428369987fd30aef.camel@zaclys.net> (raw)
In-Reply-To: <a149c0f9538876ec9d93e75e40c44ce335d4682a.camel@zaclys.net>
[-- Attachment #1: Type: text/plain, Size: 1538 bytes --]
Another wave it seems:
CVE-2021-3479 31.03.21 16:15
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
Fix:
https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
CVE-2021-3478 31.03.21 16:15
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
Fix (? as Red Hat analyst points out in
https://bugzilla.redhat.com/show_bug.cgi?id=1939160#c3, it indeed looks
uncertain):
https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a
CVE-2021-3477 31.03.21 16:15
There's a flaw in OpenEXR's deep tile sample size calculations in
versions before 3.0.0-beta. An attacker who is able to submit a crafted
file to be processed by OpenEXR could trigger an integer overflow,
subsequently leading to an out-of-bounds read. The greatest risk of
this flaw is to application availability.
Fix (? as Red Hat analyst points out in
https://bugzilla.redhat.com/show_bug.cgi?id=1939159#c3, it indeed looks
uncertain):
https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2021-04-01 13:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-31 1:47 bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475 Léo Le Bouter via Bug reports for GNU Guix
2021-04-01 13:26 ` Léo Le Bouter via Bug reports for GNU Guix [this message]
2021-04-02 10:04 ` Léo Le Bouter via Bug reports for GNU Guix
2021-07-05 23:46 ` Vinicius Monego
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=39ed8eb5a4a1accb3cc1e3fe428369987fd30aef.camel@zaclys.net \
--to=bug-guix@gnu.org \
--cc=47509@debbugs.gnu.org \
--cc=lle-bout@zaclys.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).