CVE-2021-20300
https://notcve.org/view.php?id=CVE-2021-20300
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad hufUncompress de OpenEXR en el archivo OpenEXR/IlmImf/ImfHuf.cpp. Este fallo permite a un atacante que pueda enviar un archivo diseñado que sea procesado por OpenEXR, para desencadenar un desbordamiento de enteros. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562 https://bugzilla.redhat.com/show_bug.cgi?id=1939153 https://github.com/AcademySoftwareFoundation/openexr/pull/836 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html • CWE-190: Integer Overflow or Wraparound •
CVE-2021-20302
https://notcve.org/view.php?id=CVE-2021-20302
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la funcionalidad TiledInputFile de OpenEXR. Este fallo permite a un atacante que pueda enviar una imagen no diseñada de una sola parte para que sea procesada por OpenEXR, para desencadenar un error de excepción de punto flotante. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894 https://bugzilla.redhat.com/show_bug.cgi?id=1939161 https://github.com/AcademySoftwareFoundation/openexr/pull/842 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html • CWE-20: Improper Input Validation •
CVE-2021-45942
https://notcve.org/view.php?id=CVE-2021-45942
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. OpenEXR versión 3.1.x anterior a la versión 3.1.4 tiene un desbordamiento de búfer basado en la pila en Imf_3_1::LineCompositeTask::execute (llamado desde IlmThread_3_1::NullThreadPoolProvider::addTask e IlmThread_3_1::ThreadPool::addGlobalTask). NOTA: db217f2 puede ser inaplicable • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022 https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0 https://github.com/AcademySoftwareFoundation/openexr/pull/1209 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4 https://github.com/google/oss-fuzz-vulns • CWE-787: Out-of-bounds Write •
CVE-2021-3941
https://notcve.org/view.php?id=CVE-2021-3941
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. En la rutina RGBtoXYZ() del archivo ImfChromaticities.cpp, se presentan algunas operaciones de división como "float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;" y "chroma.green.y * (X + Z)) / d;" pero no es comprobado que el divisor tenga un valor 0. Un archivo especialmente diseñado podría desencadenar una condición de división por cero que podría afectar a la disponibilidad de los programas enlazados con OpenEXR • https://bugzilla.redhat.com/show_bug.cgi?id=2019789 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN https://security.gentoo.org/glsa/202210-31 https://www.debian.org/security/2022/dsa-5299 • CWE-369: Divide By Zero •
CVE-2021-3933
https://notcve.org/view.php?id=CVE-2021-3933
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. Podría producirse un desbordamiento de enteros cuando OpenEXR procesa un archivo diseñado en sistemas donde size_t es menor a 64 bits. Esto podría causar un valor no válido de bytesPerLine y maxBytesPerLine, lo que podría conllevar a problemas con la estabilidad de la aplicación o conducir a otras vías de ataque • https://bugzilla.redhat.com/show_bug.cgi?id=2019783 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN https://security.gentoo.org/glsa/202210-31 https://www.debian.org/security/2022/dsa-5299 • CWE-190: Integer Overflow or Wraparound •