AXSA:2020-656:02

Release date: Friday, October 9, 2020 - 10:55
Subject: OpenEXR-1.7.1-8.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format.

Security Fix(es):

* OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)

* OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)

* OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)

CVE-2020-11761
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

CVE-2020-11763
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

CVE-2020-11764
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. OpenEXR-1.7.1-8.el7.src.rpm
    MD5: a5b1485cc97dea7f246ac8b9a07bc7fc
    SHA-256: 60cbc6af608249f449e83519a7f0dcf0c2164213e061318dbdb78858f64a06b3
    Size: 12.93 MB

Asianux Server 7 for x86_64
  1. OpenEXR-libs-1.7.1-8.el7.x86_64.rpm
    MD5: 869c17afa3dd3657e52e3998d588fb60
    SHA-256: a4c168ffb4169234c7d6d7d3873a46dea9c9daa5b004bb2b9c757e364cf04890
    Size: 216.08 kB
  2. OpenEXR-libs-1.7.1-8.el7.i686.rpm
    MD5: 44aab1a8b92568acae9f6ab3d0a65471
    SHA-256: 695c76fcc87c752b7f833d63298ba2edecb7d100af2619fae15e36e444396da6
    Size: 221.74 kB