An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. References: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
Created OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1829004] Created mingw-OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1829003]
OpenEXR versions shipped with Red Hat Enterprise Linux 7 and 8 are affected by this flaw.
This commit appears to be part of the upstream patch: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09#diff-bc045e5e1fe1f254dd90bd6b7a89cd13
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4039 https://access.redhat.com/errata/RHSA-2020:4039
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-11761