Security update for openexr
This update for openexr fixes the following issues:
- CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107)
- CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (bsc#1040114)
- CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact. (bsc#1052522)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1052522
VUL-0: CVE-2017-12596: OpenEXR,openexr: crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp
bnc#1040114
VUL-0: CVE-2017-9114: openexr,OpenEXR: invalid read of size 1 in the refill function in ImfFastHuf.cpp
bnc#1040107
VUL-1: CVE-2017-9110: openexr,OpenEXR: invalid read of size 2 in the hufDecode function inImfHuf.cpp
