Integer-overflow in Imf_2_5::hufUncompress
External References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
Created OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1939174]
Upstream patch: https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0
Flaw summary: in hufUncompress of OpenEXR/IlmImf/ImfHuf.cpp, the expression nBits+7 in the bounds check `if ( ptr + (nBits+7 )/8 > compressed+nCompressed)` can overflow when nBits is too large, so the check no longer rejects an oversized bit count. This could affect application availability. The patch casts to a 64-bit type before the addition to prevent the overflow.
Statement: This flaw does not affect OpenEXR shipped with Red Hat Enterprise Linux 6, 7, or 8 because the vulnerable code was introduced in a newer version of OpenEXR.
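The bounds check described in the flaw summary, shown in its overflowing form beside the widened form. This is an added illustration, not the OpenEXR source or the upstream patch: the check is modelled on buffer offsets rather than raw pointers, the 32-bit wrap is reproduced explicitly with unsigned arithmetic so the demonstration itself does not rely on undefined behaviour, and the header offset and buffer size used in main are constructed values.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Overflowing form: nBits is held in a 32-bit int and nBits + 7 is
 * computed in that width. The wrap is modelled here via uint32_t and
 * an implementation-defined cast back to int32_t (the value mainstream
 * compilers produce), instead of the signed overflow in the real code.
 * Returns true when the input should be rejected. */
bool bounds_check_int32(ptrdiff_t ptr_offset, int nBits, ptrdiff_t nCompressed)
{
    int32_t wrapped = (int32_t)((uint32_t)nBits + 7u); /* negative for large nBits */
    int32_t bytes_needed = wrapped / 8;                 /* also negative, so the check passes */
    /* Original shape: ptr + (nBits+7)/8 > compressed + nCompressed */
    return (ptr_offset + bytes_needed) > nCompressed;
}

/* Widened form: the 32-bit count is promoted to 64 bits before the
 * addition (assumed shape of the "cast to 64-bit type" fix), so the
 * byte count cannot wrap and an oversized nBits is rejected. */
bool bounds_check_int64(ptrdiff_t ptr_offset, int nBits, ptrdiff_t nCompressed)
{
    uint64_t bytes_needed = ((uint64_t)(uint32_t)nBits + 7u) / 8u;
    return (uint64_t)ptr_offset + bytes_needed > (uint64_t)nCompressed;
}

int main(void)
{
    /* Constructed scenario: data starts 20 bytes into a 64-byte buffer. */
    const ptrdiff_t ptr_offset = 20, nCompressed = 64;
    const int samples[] = { 100, 1000, INT_MAX };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int nBits = samples[i];
        printf("nBits=%11d  int32 check rejects: %-5s  int64 check rejects: %s\n",
               nBits,
               bounds_check_int32(ptr_offset, nBits, nCompressed) ? "yes" : "no",
               bounds_check_int64(ptr_offset, nBits, nCompressed) ? "yes" : "no");
    }
    return 0;
}
```

For nBits = INT_MAX the int32 check computes a negative byte count and lets the input through, while the widened check rejects it; for ordinary values both checks agree.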