UbuntuUpdates.org

Package "openexr"

Name: openexr

Description:

command-line tools for the OpenEXR image format

Latest version: 2.2.1-4.1ubuntu1.2
Release: eoan (19.10)
Level: security
Repository: universe
Homepage: http://www.openexr.com

Links


Download "openexr"


Other versions of "openexr" in Eoan

Repository Area Version
base universe 2.2.1-4.1ubuntu1
base main 2.2.1-4.1ubuntu1
security main 2.2.1-4.1ubuntu1.2
updates main 2.2.1-4.1ubuntu1.2
updates universe 2.2.1-4.1ubuntu1.2

Changelog

Version: 2.2.1-4.1ubuntu1.2 2020-07-06 20:06:37 UTC

  openexr (2.2.1-4.1ubuntu1.2) eoan-security; urgency=medium

  * SECURITY UPDATE: use-after-free in DeepScanLineInputFile
    - debian/patches/CVE-2020-15305.patch: add missing throw in
      deepscanline error handling in IlmImf/ImfDeepScanLineInputFile.cpp.
    - CVE-2020-15305
  * SECURITY UPDATE: heap buffer overflow in getChunkOffsetTableSize()
    - debian/patches/CVE-2020-15306.patch: always ignore chunkCount
      attribute unless it cannot be computed in
      IlmImf/ImfDeepTiledOutputFile.cpp, IlmImf/ImfMisc.cpp,
      IlmImf/ImfMisc.h, IlmImf/ImfMultiPartInputFile.cpp,
      IlmImf/ImfMultiPartOutputFile.cpp.
    - CVE-2020-15306

 -- Marc Deslauriers <email address hidden> Tue, 30 Jun 2020 14:23:38 -0400

Source diff to previous version
CVE-2020-15305 An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmI
CVE-2020-15306 An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in Il

Version: 2.2.1-4.1ubuntu1.1 2020-04-27 14:06:48 UTC

  openexr (2.2.1-4.1ubuntu1.1) eoan-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2020-117xx/*.patch: backported multiple upstream
      commits to fix a multitude of issues.
    - CVE-2020-11758
    - CVE-2020-11759
    - CVE-2020-11760
    - CVE-2020-11761
    - CVE-2020-11762
    - CVE-2020-11763
    - CVE-2020-11764
    - CVE-2020-11765

 -- Marc Deslauriers <email address hidden> Thu, 23 Apr 2020 15:25:33 -0400

CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
CVE-2020-11759 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCou
CVE-2020-11760 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
CVE-2020-11761 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refi
CVE-2020-11762 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when h
CVE-2020-11763 An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
CVE-2020-11764 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2020-11765 An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Clas



About   -   Send Feedback to @ubuntu_updates