Bug 810541 (CVE-2021-3605) - <media-libs/openexr-{2.5.7,3.1.1}: OOB read (CVE-2021-3605)
Summary: <media-libs/openexr-{2.5.7,3.1.1}: OOB read (CVE-2021-3605)
Alias: CVE-2021-3605
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [stable]
Depends on: CVE-2021-23169
Reported: 2021-08-26 21:22 UTC by John Helmert III
Modified: 2021-08-26 22:06 UTC
Description John Helmert III gentoo-dev Security 2021-08-26 21:22:11 UTC

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Comment 1 John Helmert III gentoo-dev Security 2021-08-26 21:24:04 UTC
I can see the patch is in 3.1.1, what about 2.5.x?
Comment 3 John Helmert III gentoo-dev Security 2021-08-26 22:06:05 UTC