Bug 810541 (CVE-2021-3605) - <media-libs/openexr-{2.5.7,3.1.1}: OOB read (CVE-2021-3605)
Summary: <media-libs/openexr-{2.5.7,3.1.1}: OOB read (CVE-2021-3605)
Status: CONFIRMED
Alias: CVE-2021-3605
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B4 [stable]
Keywords:
Depends on: CVE-2021-23169
Blocks:
Reported: 2021-08-26 21:22 UTC by John Helmert III
Modified: 2021-08-26 22:06 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III gentoo-dev Security 2021-08-26 21:22:11 UTC
CVE-2021-3605:

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Comment 1 John Helmert III gentoo-dev Security 2021-08-26 21:24:04 UTC
I can see the patch is in 3.1.1, what about 2.5.x?
Comment 3 John Helmert III gentoo-dev Security 2021-08-26 22:06:05 UTC
Thanks!