Gentoo Linux Security Advisory 202210-31 - Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution. Versions less than 3.1.5 are affected.
Gentoo Linux Security Advisory GLSA 202210-31
https://security.gentoo.org/
Severity: Normal
Title: OpenEXR: Multiple Vulnerabilities
Date: October 31, 2022
Bugs: #838079, #830384, #817431, #810541, #801373, #787452
ID: 202210-31
Synopsis
Multiple vulnerabilities have been discovered in OpenEXR, the worst of
which could result in arbitrary code execution.
Background
OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications.
Affected packages
-------------------------------------------------------------------
   Package                  /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
1  media-libs/openexr           < 3.1.5          >= 3.1.5
Description
Multiple vulnerabilities have been discovered in OpenEXR. Please review
the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All OpenEXR users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose ">=media-libs/openexr-3.1.5"
References
[ 1 ] CVE-2021-3598
https://nvd.nist.gov/vuln/detail/CVE-2021-3598
[ 2 ] CVE-2021-3605
https://nvd.nist.gov/vuln/detail/CVE-2021-3605
[ 3 ] CVE-2021-3933
https://nvd.nist.gov/vuln/detail/CVE-2021-3933
[ 4 ] CVE-2021-3941
https://nvd.nist.gov/vuln/detail/CVE-2021-3941
[ 5 ] CVE-2021-20304
https://nvd.nist.gov/vuln/detail/CVE-2021-20304
[ 6 ] CVE-2021-23169
https://nvd.nist.gov/vuln/detail/CVE-2021-23169
[ 7 ] CVE-2021-45942
https://nvd.nist.gov/vuln/detail/CVE-2021-45942
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-31
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Debian Linux Security Advisory 5299-1 - Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed.
CVE-2021-3598: A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
CVE-2021-3605: There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
CVE-2021-3933: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
CVE-2021-3941: In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
CVE-2021-20304: An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
CVE-2021-23169: There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
CVE-2021-45942: OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
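As an added example (not OpenEXR's own code, nor its fix), the divide-by-zero behind the RGBtoXYZ() entry above, shown as the unguarded computation beside a variant that validates the divisors before dividing. The struct and function names, the 1e-6 threshold and the three sample chromaticity sets are this example's assumptions; the X, Z, d and Sr expressions follow the standard chromaticity-to-matrix derivation that the quoted fragments come from.

```cpp
// Added example, not OpenEXR's code: the unguarded divisions behind the
// RGBtoXYZ() divide-by-zero, beside a variant that validates the divisors
// first. Type and function names are this example's own; the formulas for
// X, Z, d and Sr follow the standard chromaticity-to-matrix derivation.
#include <cmath>
#include <cstdio>

struct Xy { float x, y; };

// Same four points an OpenEXR "chromaticities" header attribute carries.
struct Chroma { Xy red, green, blue, white; };

// First-row scale factor of the RGB->XYZ matrix plus a validity flag.
struct RowScale { float Sr; bool ok; };

// Denominator shared by the row scale factors: zero when the three
// primaries are collinear (a degenerate colour triangle).
float primaryDeterminant(const Chroma& c)
{
    return c.red.x   * (c.blue.y  - c.green.y) +
           c.blue.x  * (c.green.y - c.red.y) +
           c.green.x * (c.red.y   - c.blue.y);
}

// Unguarded variant: divides by white.y and by d without checking either.
// A file whose chromaticities attribute sets white.y = 0 or collinear
// primaries makes this produce inf/NaN, or trap if FP exceptions are enabled.
RowScale rgbToXyzUnchecked(const Chroma& c, float Y)
{
    float X = c.white.x * Y / c.white.y;
    float Z = (1 - c.white.x - c.white.y) * Y / c.white.y;
    float d = primaryDeterminant(c);
    float Sr = (X * (c.blue.y - c.green.y) -
                c.green.x * (Y * (c.blue.y - 1) + c.blue.y * (X + Z)) +
                c.blue.x  * (Y * (c.green.y - 1) + c.green.y * (X + Z))) / d;
    return {Sr, true};
}

// Guard: every coordinate finite, and neither divisor (near) zero.
// The 1e-6 threshold is this example's choice, not a value from OpenEXR.
bool chromaticitiesUsable(const Chroma& c)
{
    const Xy pts[4] = {c.red, c.green, c.blue, c.white};
    for (const Xy& p : pts)
        if (!std::isfinite(p.x) || !std::isfinite(p.y)) return false;
    if (std::fabs(c.white.y) < 1e-6f) return false;
    if (std::fabs(primaryDeterminant(c)) < 1e-6f) return false;
    return true;
}

// Guarded variant: reject untrusted header values before any division.
RowScale rgbToXyzGuarded(const Chroma& c, float Y)
{
    if (!std::isfinite(Y) || !chromaticitiesUsable(c)) return {0.0f, false};
    return rgbToXyzUnchecked(c, Y);
}

// Constructed inputs: Rec.709/sRGB primaries with D65 white, and two
// crafted attributes of the kind a malformed file could carry.
const Chroma kSRGB       = {{0.64f, 0.33f}, {0.30f, 0.60f}, {0.15f, 0.06f}, {0.3127f, 0.3290f}};
const Chroma kZeroWhiteY = {{0.64f, 0.33f}, {0.30f, 0.60f}, {0.15f, 0.06f}, {0.3127f, 0.0f}};
const Chroma kCollinear  = {{0.30f, 0.30f}, {0.30f, 0.30f}, {0.30f, 0.30f}, {0.3127f, 0.3290f}};

int main()
{
    const Chroma* cases[3] = {&kSRGB, &kZeroWhiteY, &kCollinear};
    const char* names[3] = {"sRGB", "white.y = 0", "collinear primaries"};
    for (int i = 0; i < 3; ++i) {
        RowScale u = rgbToXyzUnchecked(*cases[i], 1.0f);
        RowScale g = rgbToXyzGuarded(*cases[i], 1.0f);
        // For sRGB, Sr * red.x is the familiar 0.4124 entry of the RGB->XYZ matrix.
        std::printf("%-20s unchecked Sr=%g (finite=%d)  guarded ok=%d Sr*xr=%g\n",
                    names[i], u.Sr, std::isfinite(u.Sr) ? 1 : 0, g.ok ? 1 : 0,
                    g.ok ? g.Sr * cases[i]->red.x : 0.0f);
    }
    return 0;
}
```

With white.y = 0 the unguarded path yields inf/NaN (or traps where floating-point exceptions are unmasked) and the collinear case divides 0 by 0; the guarded path refuses the header before dividing, which is the behaviour you want when the chromaticities attribute comes from an untrusted file. Rejecting early is the check that pays off: testing the result for NaN afterwards is too late, because intermediate inf values have already propagated into the matrix.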