Bug 2047745 (CVE-2021-45942) - CVE-2021-45942 OpenEXR: heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
Summary: CVE-2021-45942 OpenEXR: heap-based buffer overflow in Imf_3_1:LineCompositeTa...
Keywords:
Status: NEW
Alias: CVE-2021-45942
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2047746 2051592 2051591 2051596 2051598
Blocks: 2047750
TreeView+ depends on / blocked
 
Reported: 2022-01-28 13:13 UTC by Marian Rehak
Modified: 2022-03-28 19:30 UTC (History)
5 users (show)

Fixed In Version: OpenEXR 3.1.4
Doc Type: If docs needed, set a value
Doc Text:
A heap-based-buffer-overflow vulnerability was found in OpenEXR's composite_line() function in the 'ImfCompositeDeepScanLine.cpp' file. This flaw allows an attacker to pass a specially crafted file to OpenEXR, by tricking the victim into opening it, triggering a heap-based buffer overflow. This leads to memory corruption and allows an attacker to cause a denial of service.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Marian Rehak 2022-01-28 13:13:05 UTC
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

Reference:

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416

Comment 1 Marian Rehak 2022-01-28 13:13:23 UTC
Created OpenEXR tracking bugs for this issue:

Affects: fedora-all [bug 2047746]

Comment 2 juneau 2022-01-28 16:12:18 UTC
Marking quay-io-3 affected/delegated. Affect code exists in container image* but likelihood of exploit is unknown.

*quay-io-3/quayio/flush-redis:latest/openexr-2.2.1-4.1 https://quay.io/app-sre/flush-redis:latest

Comment 5 TEJ RATHI 2022-02-07 14:37:14 UTC
Filing trackers for RHEL-8,9. So that engineering can have closer look and decide accordingly.

Comment 8 TEJ RATHI 2022-02-07 15:18:34 UTC
Created mingw-openexr tracking bugs for this issue:

Affects: fedora-all [bug 2051598]


Note You need to log in before you can comment on or make changes to this bug.