Security update for openexr
This update for openexr fixes the following issues:
- CVE-2021-23215: Fixed an integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185216).
- CVE-2021-26260: Fixed an Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185217).
- CVE-2021-20296: Fixed a Null Pointer dereference in Imf_2_5:hufUncompress (bsc#1184355).
- CVE-2021-3477: Fixed a Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353).
- CVE-2021-3479: Fixed an Out-of-memory caused by allocation of a very large buffer (bsc#1184354).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1185217
VUL-0: CVE-2021-26260: OpenEXR,openexr: Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
bnc#1184355
VUL-0: CVE-2021-20296: openexr: Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference
bnc#1184353
VUL-0: CVE-2021-3477: openexr: Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts
bnc#1184354
VUL-0: CVE-2021-3479: openexr: Out-of-memory caused by allocation of a very large buffer
bnc#1185216
VUL-0: CVE-2021-23215: OpenEXR,openexr: Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
