unofficial mirror of bug-guix@gnu.org 
* bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
@ 2021-03-31  1:47 Léo Le Bouter via Bug reports for GNU Guix
  2021-04-01 13:26 ` Léo Le Bouter via Bug reports for GNU Guix
  2021-07-05 23:46 ` Vinicius Monego
  0 siblings, 2 replies; 4+ messages in thread
From: Léo Le Bouter via Bug reports for GNU Guix @ 2021-03-31  1:47 UTC (permalink / raw)
  To: 47509


CVE-2021-3474	30.03.21 20:15
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted
input file that is processed by OpenEXR could cause a shift overflow in
the FastHufDecoder, potentially leading to problems with application
availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f

CVE-2021-3476	30.03.21 20:15
A flaw was found in OpenEXR's B44 uncompression functionality in
versions before 3.0.0-beta. An attacker who is able to submit a crafted
file to OpenEXR could trigger shift overflows, potentially affecting
application availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9

CVE-2021-3475	30.03.21 20:15
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker
who can submit a crafted file to be processed by OpenEXR could cause an
integer overflow, potentially leading to problems with application
availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753

I could not check if these flaws affect the 2.5.2 version packaged in
GNU Guix yet.


* bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
  2021-03-31  1:47 bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475 Léo Le Bouter via Bug reports for GNU Guix
@ 2021-04-01 13:26 ` Léo Le Bouter via Bug reports for GNU Guix
  2021-04-02 10:04   ` Léo Le Bouter via Bug reports for GNU Guix
  2021-07-05 23:46 ` Vinicius Monego
  1 sibling, 1 reply; 4+ messages in thread
From: Léo Le Bouter via Bug reports for GNU Guix @ 2021-04-01 13:26 UTC (permalink / raw)
  To: 47509


Another wave it seems:

CVE-2021-3479	31.03.21 16:15
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c

CVE-2021-3478	31.03.21 16:15
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.

Fix (? as Red Hat analyst points out in 
https://bugzilla.redhat.com/show_bug.cgi?id=1939160#c3, it indeed looks
uncertain): 
https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a


CVE-2021-3477	31.03.21 16:15
There's a flaw in OpenEXR's deep tile sample size calculations in
versions before 3.0.0-beta. An attacker who is able to submit a crafted
file to be processed by OpenEXR could trigger an integer overflow,
subsequently leading to an out-of-bounds read. The greatest risk of
this flaw is to application availability.

Fix (? as Red Hat analyst points out in 
https://bugzilla.redhat.com/show_bug.cgi?id=1939159#c3, it indeed looks
uncertain): 
https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1


* bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
  2021-04-01 13:26 ` Léo Le Bouter via Bug reports for GNU Guix
@ 2021-04-02 10:04   ` Léo Le Bouter via Bug reports for GNU Guix
  0 siblings, 0 replies; 4+ messages in thread
From: Léo Le Bouter via Bug reports for GNU Guix @ 2021-04-02 10:04 UTC (permalink / raw)
  To: 47509


Another:

CVE-2021-20296	01.04.21 16:15
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted
input file supplied by an attacker, that is processed by the Dwa
decompression functionality of OpenEXR's IlmImf library, could cause a
NULL pointer dereference. The highest threat from this vulnerability is
to system availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a


* bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
  2021-03-31  1:47 bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475 Léo Le Bouter via Bug reports for GNU Guix
  2021-04-01 13:26 ` Léo Le Bouter via Bug reports for GNU Guix
@ 2021-07-05 23:46 ` Vinicius Monego
  1 sibling, 0 replies; 4+ messages in thread
From: Vinicius Monego @ 2021-07-05 23:46 UTC (permalink / raw)
  To: 47509-done

Hi,

I found [1] which lists which versions of OpenEXR are vulnerable to
which CVE. All the CVEs mentioned here were fixed in version 2.5.4 [2],
while we are currently tracking version 2.5.5, for which there are no
known CVEs.

I will close this issue. Feel free to reopen if I missed anything.

[1]
https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md

[2]
https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-254-december-31-2020




