SB2021071705 - openEuler 20.03 LTS SP1 update for OpenEXR
Published: July 17, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2021-3598)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the readChars() function in ImfIO.h. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Integer overflow (CVE-ID: CVE-2020-11759)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
3) Heap-based buffer overflow (CVE-ID: CVE-2020-15306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in "getChunkOffsetTableSize()" in "IlmImf/ImfMisc.cpp". A local user can pass specially crafted data to the applicatoin, trigger heap-based buffer overflow and cause a denial of service conditon on the target system.
4) Out-of-bounds write (CVE-ID: CVE-2020-11763)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
5) Out-of-bounds read (CVE-ID: CVE-2020-11761)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
6) Off-by-one (CVE-ID: CVE-2020-11765)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
7) Out-of-bounds read (CVE-ID: CVE-2020-11760)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
8) Use-after-free (CVE-ID: CVE-2020-15305)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in "DeepScanLineInputFile::DeepScanLineInputFile()" in "IlmImf/ImfDeepScanLineInputFile.cpp". A local user can cause a denial of service (DoS) condition on the target system.
9) Out-of-bounds read (CVE-ID: CVE-2020-11758)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
10) Out-of-bounds write (CVE-ID: CVE-2020-11764)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
11) Out-of-bounds write (CVE-ID: CVE-2020-11762)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
Remediation
Install update from vendor's website.