An update for OpenEXR is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1060
Final
1.0
1.0
2021-03-05
Initial
2021-03-05
2021-03-05
openEuler SA Tool V1.0
2021-03-05
OpenEXR security update
An update for OpenEXR is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications.
Security Fix(es):
In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (CVE-2017-9114)
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (CVE-2017-9110)
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. (CVE-2017-9112)
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. (CVE-2017-9111)
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. (CVE-2017-9116)
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. (CVE-2017-9115)
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. (CVE-2017-9113)
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact. (CVE-2017-12596)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
OpenEXR
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060
https://openeuler.org/en/security/cve/detail.html?id=CVE-2017-9114
https://openeuler.org/en/security/cve/detail.html?id=CVE-2017-9110
https://openeuler.org/en/security/cve/detail.html?id=CVE-2017-9112
https://openeuler.org/en/security/cve/detail.html?id=CVE-2017-9111
https://openeuler.org/en/security/cve/detail.html?id=CVE-2017-9116
https://openeuler.org/en/security/cve/detail.html?id=CVE-2017-9115
https://openeuler.org/en/security/cve/detail.html?id=CVE-2017-9113
https://openeuler.org/en/security/cve/detail.html?id=CVE-2017-12596
https://nvd.nist.gov/vuln/detail/CVE-2017-9114
https://nvd.nist.gov/vuln/detail/CVE-2017-9110
https://nvd.nist.gov/vuln/detail/CVE-2017-9112
https://nvd.nist.gov/vuln/detail/CVE-2017-9111
https://nvd.nist.gov/vuln/detail/CVE-2017-9116
https://nvd.nist.gov/vuln/detail/CVE-2017-9115
https://nvd.nist.gov/vuln/detail/CVE-2017-9113
https://nvd.nist.gov/vuln/detail/CVE-2017-12596
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
OpenEXR-2.2.0-18.oe1.aarch64.rpm
OpenEXR-devel-2.2.0-18.oe1.aarch64.rpm
OpenEXR-debuginfo-2.2.0-18.oe1.aarch64.rpm
OpenEXR-libs-2.2.0-18.oe1.aarch64.rpm
OpenEXR-debugsource-2.2.0-18.oe1.aarch64.rpm
OpenEXR-2.2.0-18.oe1.aarch64.rpm
OpenEXR-devel-2.2.0-18.oe1.aarch64.rpm
OpenEXR-debuginfo-2.2.0-18.oe1.aarch64.rpm
OpenEXR-libs-2.2.0-18.oe1.aarch64.rpm
OpenEXR-debugsource-2.2.0-18.oe1.aarch64.rpm
OpenEXR-2.2.0-18.oe1.src.rpm
OpenEXR-2.2.0-18.oe1.src.rpm
OpenEXR-libs-2.2.0-18.oe1.x86_64.rpm
OpenEXR-devel-2.2.0-18.oe1.x86_64.rpm
OpenEXR-2.2.0-18.oe1.x86_64.rpm
OpenEXR-debuginfo-2.2.0-18.oe1.x86_64.rpm
OpenEXR-debugsource-2.2.0-18.oe1.x86_64.rpm
OpenEXR-libs-2.2.0-18.oe1.x86_64.rpm
OpenEXR-devel-2.2.0-18.oe1.x86_64.rpm
OpenEXR-2.2.0-18.oe1.x86_64.rpm
OpenEXR-debuginfo-2.2.0-18.oe1.x86_64.rpm
OpenEXR-debugsource-2.2.0-18.oe1.x86_64.rpm
In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
2021-03-05
CVE-2017-9114
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
OpenEXR security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
2021-03-05
CVE-2017-9110
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
OpenEXR security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
2021-03-05
CVE-2017-9112
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
OpenEXR security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
2021-03-05
CVE-2017-9111
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
High
8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
OpenEXR security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.
2021-03-05
CVE-2017-9116
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
OpenEXR security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
2021-03-05
CVE-2017-9115
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
High
8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
OpenEXR security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
2021-03-05
CVE-2017-9113
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
High
8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
OpenEXR security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
2021-03-05
CVE-2017-12596
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
High
7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
OpenEXR security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1060