Debian DSA-5299-1 : openexr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5299 advisory. Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound read...

OSV-2022-306 Heap-buffer-overflow in Imf_3_1::memstream_read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46309 Crash type: Heap-buffer-overflow READ Crash state: Imf31::memstreamread dispatchread extractchunkleader...

OSV-2022-258 Heap-double-free in Imf_3_1::RgbaInputFile::~RgbaInputFile

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45718 Crash type: Heap-double-free Crash state: Imf31::RgbaInputFile::RgbaInputFile Imf31::checkOpenEXRFile openexrexrcheckfuzzer.cc...

Huawei EulerOS: Security Advisory for OpenEXR (EulerOS-SA-2022-1179)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OSV-2022-82 Heap-buffer-overflow in generic_unpack

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43961 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack exrdecodingrun Imf31::checkCoreFile...

SUSE SLED12 / SLES12 Security Update : openexr (SUSE-SU-2022:0061-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0061-1 advisory. - OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from...

Heap overflow

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

CVE-2021-45942

CVE-2021-45942 affects OpenEXR 3.1.x prior to 3.1.4. The issue is a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute, triggered when called from the IlmThread_3_1 thread pool (NullThreadPoolProvider::addTask / ThreadPool::addGlobalTask). The public description notes this vulnerab...

CVE-2021-45942

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

OSV-2021-1627 Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 Crash type: Heap-buffer-overflow WRITE 2 Crash state: Imf31::LineCompositeTask::execute IlmThread31::NullThreadPoolProvider::addTask IlmThread31::ThreadPool::addGlobalTask...

OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

Cary Phillips reports: OpenEXR Version 3.1.4 is a patch release that ... addresses one public security vulnerability: CVE-2021-45942 Heap-buffer-overflow in Imf31::LineCompositeTask::execute and several specific OSS-fuzz issues...

OSV-2021-1482 Heap-buffer-overflow in generic_unpack

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40234 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack exrdecodingrun Imf31::checkCoreFile...

OSV-2021-1451 Heap-buffer-overflow in Imf_3_1::memstream_read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39936 Crash type: Heap-buffer-overflow WRITE 1 Crash state: Imf31::memstreamread dispatchread readuncompresseddirect...

OSV-2021-1437 Heap-buffer-overflow in unpack_32bit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39799 Crash type: Heap-buffer-overflow WRITE 4 Crash state: unpack32bit exrdecodingrun Imf31::checkCoreFile...

OSV-2021-1429 Heap-buffer-overflow in unpack_16bit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39737 Crash type: Heap-buffer-overflow WRITE 2 Crash state: unpack16bit exrdecodingrun Imf31::checkCoreFile...

OSV-2021-1420 Heap-buffer-overflow in unpack_16bit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39623 Crash type: Heap-buffer-overflow WRITE Crash state: unpack16bit exrdecodingrun Imf31::checkCoreFile...

OSV-2021-1415 Heap-buffer-overflow in Imf_3_1::memstream_read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39616 Crash type: Heap-buffer-overflow READ 8 Crash state: Imf31::memstreamread dispatchread exrreadscanlinechunkinfo...

OSV-2021-1410 Heap-buffer-overflow in generic_unpack

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39571 Crash type: Heap-buffer-overflow WRITE 4 Crash state: genericunpack exrdecodingrun Imf31::checkCoreFile...

OSV-2021-1409 Heap-buffer-overflow in unpack_16bit_4chan_planar

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39538 Crash type: Heap-buffer-overflow WRITE 2 Crash state: unpack16bit4chanplanar exrdecodingrun Imf31::checkCoreFile...

OSV-2021-1406 Heap-buffer-overflow in Imf_3_1::memstream_read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39542 Crash type: Heap-buffer-overflow WRITE Crash state: Imf31::memstreamread dispatchread readuncompresseddirect...