bug-guix

bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and


From: Léo Le Bouter
Subject: bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
Date: Wed, 31 Mar 2021 03:47:32 +0200
User-agent: Evolution 3.34.2

CVE-2021-3474   30.03.21 20:15
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted
input file that is processed by OpenEXR could cause a shift overflow in
the FastHufDecoder, potentially leading to problems with application
availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f

CVE-2021-3476   30.03.21 20:15
A flaw was found in OpenEXR's B44 uncompression functionality in
versions before 3.0.0-beta. An attacker who is able to submit a crafted
file to OpenEXR could trigger shift overflows, potentially affecting
application availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9

CVE-2021-3475   30.03.21 20:15
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker
who can submit a crafted file to be processed by OpenEXR could cause an
integer overflow, potentially leading to problems with application
availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753

I could not check if these flaws affect the 2.5.2 version packaged in
GNU Guix yet.
