Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts
External References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
Created OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1939185]
I *believe* this is the upstream patch: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1 It is not quite clear from the oss-fuzz output (I don't have access to the "detailed report." Flaw summary: Integer overflow in DeepTiledInputFile::initialize() of src/lib/OpenEXR/ImfDeepTiledInputFile.cpp could lead to an out-of-bounds read in DeepTiledInputFile::readPixelSampleCounts() based on the file's tileDesc.xSize and tileDesc.ySize.
This is fixed in OpenEXR v2.5.4, v2.5.5, and v3.0.1 and beyond.
This is also fixed in OpenEXR v2.4.3 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-243-may-17-2021