| Summary: | <media-libs/openexr-3.1.12: oss fuzz issues | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | normal | CC: | ajak, media-video, proxy-maint, waebbl-gentoo |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://github.com/gentoo/gentoo/pull/34218 | | |
| Whiteboard: | B2 [stable?] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 921829 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2023-10-29 23:55:17 UTC
CVE-2023-5841 (https://takeonme.org/cves/CVE-2023-5841.html):

Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability.

Fixed in 3.1.12 and 3.2.2 according to their release notes:

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.12
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b98534f3604d967cd45877e8c1752cd7116563ca

commit b98534f3604d967cd45877e8c1752cd7116563ca
Author:     Paul Zander <negril.nx+gentoo@gmail.com>
AuthorDate: 2023-10-26 08:07:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-21 01:44:49 +0000

    media-libs/openexr: add 3.1.12, 3.2.2

    Closes: https://bugs.gentoo.org/920528
    Closes: https://bugs.gentoo.org/916514
    Closes: https://bugs.gentoo.org/908257
    Signed-off-by: Paul Zander <negril.nx+gentoo@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/34218
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/openexr/Manifest                        |   3 +
 .../files/openexr-3.2.1-bintests-iff-utils.patch   |  14 +++
 media-libs/openexr/openexr-3.1.12.ebuild           |  69 +++++++++++
 media-libs/openexr/openexr-3.2.2.ebuild            | 130 +++++++++++++++++++++
 4 files changed, 216 insertions(+)

See the "Note:" at the top of security bugs.

Thanks, please stable when ready.