bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475

[Léo Le Bouter]

Another wave it seems:

CVE-2021-3479   31.03.21 16:15
There's a flaw in OpenEXR's Scanline API functionality in versions before 
3.0.0-beta. An attacker who is able to submit a crafted file to be processed by 
OpenEXR could trigger excessive consumption of memory, resulting in an impact 
to system availability.

Fix: 
https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c

CVE-2021-3478   31.03.21 16:15
There's a flaw in OpenEXR's scanline input file functionality in versions 
before 3.0.0-beta. An attacker able to submit a crafted file to be processed by 
OpenEXR could consume excessive system memory. The greatest impact of this flaw 
is to system availability.

Fix (? as Red Hat analyst points out in 
https://bugzilla.redhat.com/show_bug.cgi?id=1939160#c3, it indeed looks
uncertain): 
https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a


CVE-2021-3477   31.03.21 16:15
There's a flaw in OpenEXR's deep tile sample size calculations in
versions before 3.0.0-beta. An attacker who is able to submit a crafted
file to be processed by OpenEXR could trigger an integer overflow,
subsequently leading to an out-of-bounds read. The greatest risk of
this flaw is to application availability.

Fix (? as Red Hat analyst points out in 
https://bugzilla.redhat.com/show_bug.cgi?id=1939159#c3, it indeed looks
uncertain): 
https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1

signature.asc
Description: This is a digitally signed message part