An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. Reference: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020
Created OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1829000] Created mingw-OpenEXR tracking bugs for this issue: Affects: fedora-all [bug 1829001]
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Statement: This issue does not affect versions of OpenEXR shipped with Red Enterprise Linux 7 or earlier as the vulnerable code was not yet implemented.
This flaw seems to be the same underlying issue as CVE-2020-11761.
Upstream patch: https://github.com/AcademySoftwareFoundation/openexr/pull/643/commits/40c6dd5b729b011eb354ab64d8b17f2366024c23