Overview

File _patchinfo of Package patchinfo.6686

<patchinfo incident="6686">
  <issue id="1052522" tracker="bnc">VUL-0: CVE-2017-12596: OpenEXR,openexr: crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp</issue>
  <issue id="1040114" tracker="bnc">VUL-0: CVE-2017-9114: openexr,OpenEXR: invalid read of size 1 in the refill function in ImfFastHuf.cpp</issue>
  <issue id="1040107" tracker="bnc">VUL-1: CVE-2017-9110: openexr,OpenEXR: invalid read of size 2 in the hufDecode function inImfHuf.cpp</issue>
  <issue id="2017-12596" tracker="cve" />
  <issue id="2017-9110" tracker="cve" />
  <issue id="2017-9114" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for openexr fixes the following issues:

* CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107)
* CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.  (bsc#1040114)
* CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact.  (bsc#1052522)
</description>
  <summary>Security update for openexr</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places