| Description: | Summary:
The remote host is missing an update for the 'openexr' package(s) announced via the MGASA-2021-0015 advisory.
Vulnerability Insight:
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file
could cause invalid memory access in TiledInputFile::TiledInputFile() in
IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference
(CVE-2020-15304).
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a
use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in
IlmImf/ImfDeepScanLineInputFile.cpp (CVE-2020-15305).
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes
could cause a heap buffer overflow in getChunkOffsetTableSize() in
IlmImf/ImfMisc.cpp (CVE-2020-15306).
A heap-based buffer overflow vulnerability exists in Academy Software
Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in
ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR
file (CVE-2020-16587).
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR
2.3.0 in generatePreview in makePreview.cpp that can cause a denial of
service via a crafted EXR file (CVE-2020-16588).
A head-based buffer overflow exists in Academy Software Foundation OpenEXR
2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of
service via a crafted EXR file (CVE-2020-16589).
Affected Software/OS:
'openexr' package(s) on Mageia 7.
Solution:
Please install the updated package(s).
CVSS Score:
4.3
CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
