Bug 1829010 (CVE-2020-11759)
Summary: | CVE-2020-11759 OpenEXR: out-of-bounds write due to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jeischma, jridky, kwizart, manisandro, rdieter, rh-spice-bugs |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | OpenEXR 2.4.1 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-11-01 17:12:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1829018, 1829019, 1834526, 1834527 | ||
Bug Blocks: | 1829017 |
Description
Guilherme de Almeida Suckevicz
2020-04-28 17:30:57 UTC
Created OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1829019] Created mingw-OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1829018] Upstream patch: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446#diff-c94c7f60fd67c758b01f35b05c753bab Other associated patches: https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4#diff-43177fd19d088bdab917430799223092 Appears to be caused by an integer overflow due to use of an int type rather than ptrdiff_t type in CompositeDeepScanLine::Data::handleDeepFrameBuffer. Statement: The versions of OpenEXR which are vulnerable to this flaw are not shipped in Red Hat Enterprise Linux 7 or prior. After speaking with upstream, the patch for this was actually: https://github.com/AcademySoftwareFoundation/openexr/pull/643/commits/41a99da450e749800182674012c8df002919e15a . |