Bug 2019783 (CVE-2021-3933) - CVE-2021-3933 openexr: Integer-overflow in Imf_3_1::bytesPerDeepLineTable
Summary: CVE-2021-3933 openexr: Integer-overflow in Imf_3_1::bytesPerDeepLineTable
Keywords:
Status: NEW
Alias: CVE-2021-3933
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2019784 2019785 2020444 2020445 2020446
Blocks: 2013538 2021121
Reported: 2021-11-03 10:53 UTC by Dhananjay Arunesh
Modified: 2023-09-22 09:21 UTC

Fixed In Version: OpenEXR 3.1.2
Doc Type: If docs needed, set a value
Doc Text:
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t is less than 64 bits. This issue could cause an invalid bytesPerLine and maxBytesPerLine value, which leads to problems with application stability or other attack paths.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Dhananjay Arunesh 2021-11-03 10:53:32 UTC
A vulnerability was found in openexr where an Integer-overflow was found in Imf_3_1::bytesPerDeepLineTable.

References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912

Comment 1 Dhananjay Arunesh 2021-11-03 10:54:00 UTC
Created mingw-openexr tracking bugs for this issue:

Affects: fedora-all [bug 2019785]


Created openexr tracking bugs for this issue:

Affects: fedora-all [bug 2019784]

Comment 2 Richard Shaw 2021-11-04 02:02:49 UTC
This is already fixed for Fedora 35+ (already on 3.1.2). Unless upstream wants to backport the fixes/patches to 2.5, I have no intention of updating Fedora 33 & 34.

Comment 3 Todd Cullum 2021-11-04 21:18:27 UTC
Flaw summary:

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
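
The overflow class described in the flaw summary, as an added example that is not OpenEXR's code and not part of this bug report: a simplified model of a per-scanline byte total that wraps when the size type is 32 bits, next to a checked version. The names `size32_t`, `line_bytes_unchecked`, `line_bytes_checked` and the sample counts are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: size32_t stands in for size_t on a 32-bit build. */
typedef uint32_t size32_t;

/* Constructed sample counts for one scanline (not taken from any real file). */
static const uint32_t crafted_counts[2] = { 0x40000000u, 1u };
static const uint32_t benign_counts[2]  = { 3u, 5u };

/* Unchecked: sum of sampleCount * bytesPerSample, wrapping modulo 2^32. */
size32_t line_bytes_unchecked(const uint32_t *counts, size_t width,
                              uint32_t bytes_per_sample)
{
    size32_t total = 0;
    for (size_t x = 0; x < width; ++x)
        total += (size32_t)(counts[x] * bytes_per_sample);
    return total;
}

/* Checked: accumulate in 64 bits and reject any total that does not fit
   the 32-bit size type. Returns 0 on success, -1 on overflow. */
int line_bytes_checked(const uint32_t *counts, size_t width,
                       uint32_t bytes_per_sample, size32_t *out)
{
    uint64_t total = 0;
    for (size_t x = 0; x < width; ++x) {
        total += (uint64_t)counts[x] * bytes_per_sample;
        if (total > UINT32_MAX)
            return -1;   /* caller should treat the file as invalid */
    }
    *out = (size32_t)total;
    return 0;
}

int main(void)
{
    size32_t n = 0;
    /* True size is 2^32 + 4 bytes; the unchecked sum reports 4. */
    printf("unchecked: %u\n", (unsigned)line_bytes_unchecked(crafted_counts, 2, 4));
    printf("checked:   %d\n", line_bytes_checked(crafted_counts, 2, 4, &n));
    if (line_bytes_checked(benign_counts, 2, 4, &n) == 0)
        printf("benign:    %u\n", (unsigned)n);
    return 0;
}
```

A wrapped total like this is what makes a per-line size value invalid: any buffer sized from it is far smaller than the data the sample counts describe.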

Comment 8 Sandro Mani 2022-01-28 18:51:58 UTC
Patch: https://github.com/AcademySoftwareFoundation/openexr/commit/5db6f7aee79e3e75e8c3780b18b28699614dd08e (also applies to ImfMisc.cpp of openexr-2.5.5)

