Security
Headlines
HeadlinesLatestCVEs

Headline

Gentoo Linux Security Advisory 202210-31

Gentoo Linux Security Advisory 202210-31 - Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution. Versions less than 3.1.5 are affected.

Packet Storm
#vulnerability#web#mac#linux

Gentoo Linux Security Advisory GLSA 202210-31


                                       https://security.gentoo.org/  

Severity: Normal
Title: OpenEXR: Multiple Vulnerabilities
Date: October 31, 2022
Bugs: #838079, #830384, #817431, #810541, #801373, #787452
ID: 202210-31


Synopsis

Multiple vulnerabilities have been discovered in OpenEXR, the worst of
which could result in arbitrary code execution.

Background

OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications.

Affected packages

-------------------------------------------------------------------  
 Package              /     Vulnerable     /            Unaffected  
-------------------------------------------------------------------  

1 media-libs/openexr < 3.1.5 >= 3.1.5

Description

Multiple vulnerabilities have been discovered in OpenEXR. Please review
the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenEXR users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=media-libs/openexr-3.1.5”

References

[ 1 ] CVE-2021-3598
https://nvd.nist.gov/vuln/detail/CVE-2021-3598
[ 2 ] CVE-2021-3605
https://nvd.nist.gov/vuln/detail/CVE-2021-3605
[ 3 ] CVE-2021-3933
https://nvd.nist.gov/vuln/detail/CVE-2021-3933
[ 4 ] CVE-2021-3941
https://nvd.nist.gov/vuln/detail/CVE-2021-3941
[ 5 ] CVE-2021-20304
https://nvd.nist.gov/vuln/detail/CVE-2021-20304
[ 6 ] CVE-2021-23169
https://nvd.nist.gov/vuln/detail/CVE-2021-23169
[ 7 ] CVE-2021-45942
https://nvd.nist.gov/vuln/detail/CVE-2021-45942

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202210-31

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

Debian Security Advisory 5299-1

Debian Linux Security Advisory 5299-1 - Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed.

CVE-2021-20304: Red Hat Customer Portal - Access to 24x7 support and knowledge

A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.

CVE-2021-3933: Invalid Bug ID

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.

CVE-2021-3941: Invalid Bug ID

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

CVE-2021-45942

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

CVE-2021-3605: Invalid Bug ID

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

CVE-2021-3598: Invalid Bug ID

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

CVE-2021-26260: [SECURITY] Fedora 33 Update: mingw-OpenEXR-2.4.1-4.fc33 - package-announce

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

CVE-2020-15306: openexr/CHANGES.md at main · AcademySoftwareFoundation/openexr

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution