An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. References: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
Created OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1829016] Created mingw-OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1829015]
This looks like it may be caused by the same root issue as CVE-2020-11759 - see upstream commit[1]. Note the patch is not in ImfOptimizedPixelReading.h but there's a call to DeepScanLineInputFile::DeepScanLineInputFile() earlier in the call stack which was patched. 1. https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4
Statement: The versions of OpenEXR shipped with Red Hat Enterprise Linux 7 and prior are not affected by this vulnerability.
The patch for this was actually done here: https://github.com/AcademySoftwareFoundation/openexr/pull/643/commits/8b97a010d2f74f5125e8608c67c638db059c7cbd