Bug 1970987 (CVE-2021-3598)

Summary: CVE-2021-3598 OpenEXR: Heap buffer overflow in Imf_3_1::CharPtrIO::readChars
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jeischma, jridky, manisandro, rdieter, rh-spice-bugs
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: OpenEXR 3.0.5 Doc Type: If docs needed, set a value
Doc Text:
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1970988, 1970989, 1973408, 1973409, 2023361    
Bug Blocks: 1970995, 1971055    

Description Pedro Sampaio 2021-06-11 15:39:32 UTC 
A heap-buffer overflow was found in the readChars function of OpenEXR in
versions before 3.0.3. An attacker could use this flaw to execute arbitrary
code with the permissions of the user running the application compiled
against OpenEXR.

Upstream issue:

https://github.com/AcademySoftwareFoundation/openexr/issues/1033

Upstream patch:

https://github.com/AcademySoftwareFoundation/openexr/pull/1037/commits/b0eeb890016a8c9dc0830f0b7be5a9c52cb829d4
Comment 1 Pedro Sampaio 2021-06-11 15:40:04 UTC 
Created OpenEXR tracking bugs for this issue:

Affects: fedora-all [bug 1970988]


Created mingw-OpenEXR tracking bugs for this issue:

Affects: fedora-all [bug 1970989]