SB2021071101 - Gentoo update for OpenEXR

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2020-11758)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

2) Integer overflow (CVE-ID: CVE-2020-11759)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.

3) Out-of-bounds read (CVE-ID: CVE-2020-11760)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

4) Out-of-bounds read (CVE-ID: CVE-2020-11761)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

5) Out-of-bounds write (CVE-ID: CVE-2020-11762)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.

6) Out-of-bounds write (CVE-ID: CVE-2020-11763)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

7) Out-of-bounds write (CVE-ID: CVE-2020-11764)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

8) Off-by-one (CVE-ID: CVE-2020-11765)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

9) NULL pointer dereference (CVE-ID: CVE-2020-15304)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in "TiledInputFile::TiledInputFile()" in "IlmImf/ImfTiledInputFile.cpp". A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2020-15305)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in "DeepScanLineInputFile::DeepScanLineInputFile()" in "IlmImf/ImfDeepScanLineInputFile.cpp". A local user can cause a denial of service (DoS) condition on the target system.

11) Heap-based buffer overflow (CVE-ID: CVE-2020-15306)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in "getChunkOffsetTableSize()" in "IlmImf/ImfMisc.cpp". A local user can pass specially crafted data to the applicatoin, trigger heap-based buffer overflow and cause a denial of service conditon on the target system.

12) NULL pointer dereference (CVE-ID: CVE-2021-20296)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Dwa decompression functionality. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

13) Integer overflow (CVE-ID: CVE-2021-3474)

The vulnerability allows a remote attacker to perform a denial of service (DoS) on the target system.

The vulnerability exists due to integer overflow in the FastHufDecoder. A remote attacker can pass specially crafted file, trigger integer overflow and cause a denial of service condition on the target system.

14) Integer overflow (CVE-ID: CVE-2021-3475)

The vulnerability allows a remote attacker to perform a denial of service (DoS) on the target system.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted file, trigger integer overflow and cause a denial of service condition on the target system.

15) Integer overflow (CVE-ID: CVE-2021-3476)

The vulnerability allows a remote attacker to perform a denial of service (DoS) on the target system.

The vulnerability exists due to integer overflow in B44 uncompression functionality. A remote attacker can pass specially crafted file, trigger integer overflow and cause a denial of service condition on the target system.

16) Out-of-bounds read (CVE-ID: CVE-2021-3477)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the deep tile sample size calculations. A remote attacker can create a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.

17) Resource exhaustion (CVE-ID: CVE-2021-3478)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the scanline input file functionality. A remote attacker can use a specially crafted file, trigger resource exhaustion and perform a denial of service (DoS) attack.

18) Resource exhaustion (CVE-ID: CVE-2021-3479)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the Scanline API functionality. A remote attacker can use a specially crafted file, trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/202107-27