CVE-2023-5841 – OpenEXR Heap Overflow in Scanline Deep Data Parsing
https://notcve.org/view.php?id=CVE-2023-5841
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. Debido a un fallo en la validación del número de muestras de líneas de escaneo de un archivo OpenEXR que contiene datos de líneas de escaneo profundas, la librería de análisis de imágenes Academy Software Foundation OpenEX versión 3.2.1 y anteriores es susceptible a una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria. A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, allowing a read or write primitive based on the provided EXR file attributes. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI https://takeonme.org/cves/CVE-2023-5841.html https://access.redhat.com/security/cve/CVE-2023-5841 https://bugzilla.redhat.com/show_bug.cgi?id=2262397 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-45942
https://notcve.org/view.php?id=CVE-2021-45942
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. OpenEXR versión 3.1.x anterior a la versión 3.1.4 tiene un desbordamiento de búfer basado en la pila en Imf_3_1::LineCompositeTask::execute (llamado desde IlmThread_3_1::NullThreadPoolProvider::addTask e IlmThread_3_1::ThreadPool::addGlobalTask). NOTA: db217f2 puede ser inaplicable • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022 https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0 https://github.com/AcademySoftwareFoundation/openexr/pull/1209 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4 https://github.com/google/oss-fuzz-vulns • CWE-787: Out-of-bounds Write •
CVE-2021-3941
https://notcve.org/view.php?id=CVE-2021-3941
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. En la rutina RGBtoXYZ() del archivo ImfChromaticities.cpp, se presentan algunas operaciones de división como "float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;" y "chroma.green.y * (X + Z)) / d;" pero no es comprobado que el divisor tenga un valor 0. Un archivo especialmente diseñado podría desencadenar una condición de división por cero que podría afectar a la disponibilidad de los programas enlazados con OpenEXR • https://bugzilla.redhat.com/show_bug.cgi?id=2019789 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN https://security.gentoo.org/glsa/202210-31 https://www.debian.org/security/2022/dsa-5299 • CWE-369: Divide By Zero •