Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Mageia 7: 2020-0189 Critical Security Update for OpenEXR

mageia
Calendar Grey May 5, 2020
Dist Mageia Esm H88
Mageia patches rectify security flaws in OpenEXR, impacting various versions. Significant out-of-bounds vulnerabilities resolved.
The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1

Summary

The updated packages fix security vulnerabilities:
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. (CVE-2020-11758)
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. (CVE-2020-11759)
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. (CVE-2020-11760)
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. (CVE-2020-11761)
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. (CVE-2020-11762)
An issue was discovered in OpenEXR befo...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26551

- https://ubuntu.com/security/notices/USN-4339-1

- https://www.cve.org/CVERecord?id=CVE-2020-11758

- https://www.cve.org/CVERecord?id=CVE-2020-11759

- https://www.cve.org/CVERecord?id=CVE-2020-11760

- https://www.cve.org/CVERecord?id=CVE-2020-11761

- https://www.cve.org/CVERecord?id=CVE-2020-11762

- https://www.cve.org/CVERecord?id=CVE-2020-11763

- https://www.cve.org/CVERecord?id=CVE-2020-11764

- https://www.cve.org/CVERecord?id=CVE-2020-11765

Topics%20covered

Topics Covered

security advisory integer overflow out-of-bounds read OpenEXR Mageia

Resolution

SRPMS

- 7/core/openexr-2.3.0-2.2.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 05 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0189.html
Type: security
CVE: CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765

Topics%20covered

Topics Covered

security advisory integer overflow out-of-bounds read OpenEXR Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here