[ubuntu/bionic-security] openexr 2.2.0-11.1ubuntu1.7 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jun 22 11:07:09 UTC 2021

openexr (2.2.0-11.1ubuntu1.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow in function readChars
    - debian/patches/CVE-2021-3598.patch: verify data size in deepscanlines
      with NO_COMPRESSION in IlmImf/ImfDeepScanLineInputFile.cpp.
    - CVE-2021-3598
  * SECURITY UPDATE: Heap buffer overflow in the rleUncompress function
    - debian/patches/CVE-2021-3605.patch: detect buffer overflows in
    - CVE-2021-3605
  * SECURITY UPDATE: null deref in Dwa decompression
    - debian/patches/CVE-2021-20296.patch: double-check unpackedBuffer
      created in DWA uncompress in IlmImf/ImfDwaCompressor.cpp.
    - CVE-2021-20296
  * SECURITY UPDATE: heap overflow in DwaCompressor
    - debian/patches/CVE-2021-23215-pre1.patch: switch over to use
      compressBound() instead of manually computing headroom for compress()
      in IlmImf/ImfDwaCompressor.cpp.
    - debian/patches/CVE-2021-23215.patch: use size_t for DWA buffersize
      calculation in IlmImf/ImfDwaCompressor.cpp.
    - CVE-2021-23215
  * SECURITY UPDATE: heap overflow in DwaCompressor
    - debian/patches/CVE-2021-26260.patch: prevent int overflow in
      buffersize calculation in IlmImf/ImfDwaCompressor.cpp.
    - CVE-2021-26260

Date: 2021-06-21 17:00:10.690496+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list