diff --git a/openexr-CVE-2021-45942.patch b/openexr-CVE-2021-45942.patch new file mode 100644 index 0000000..281a0dd --- /dev/null +++ b/openexr-CVE-2021-45942.patch @@ -0,0 +1,32 @@ +diff --git a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp +index 0acbed04b..364a1f04b 100644 +--- a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp ++++ b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp +@@ -1961,14 +1961,20 @@ readSampleCountForLineBlock(InputStreamMutex* streamData, + // @TODO refactor the compressor code to ensure full 64-bit support. + // + +- int compressorMaxDataSize = std::numeric_limits::max(); +- if (sampleCountTableDataSize > uint64_t(compressorMaxDataSize)) ++ uint64_t compressorMaxDataSize = static_cast(std::numeric_limits::max()); ++ if (packedDataSize > compressorMaxDataSize || ++ unpackedDataSize > compressorMaxDataSize || ++ sampleCountTableDataSize > compressorMaxDataSize) + { +- THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not " +- << "support the allocation of data with size > " +- << compressorMaxDataSize +- << " file table size :" << sampleCountTableDataSize << ".\n"); ++ THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not" ++ << "support the allocation of data with size > " ++ << compressorMaxDataSize ++ << " file table size :" << sampleCountTableDataSize ++ << " file unpacked size :" << unpackedDataSize ++ << " file packed size :" << packedDataSize << ".\n"); + } ++ ++ + streamData->is->read(data->sampleCountTableBuffer, static_cast(sampleCountTableDataSize)); + + const char* readPtr; + diff --git a/openexr.changes b/openexr.changes index 954e61d..3749f13 100644 --- a/openexr.changes +++ b/openexr.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Jan 5 12:55:27 UTC 2022 - pgajdos@suse.com + +- security update +- added patches + fix CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute + + openexr-CVE-2021-45942.patch + ------------------------------------------------------------------- Tue Nov 9 10:15:53 UTC 2021 - pgajdos@suse.com diff --git a/openexr.spec b/openexr.spec index a3be8b1..4f560b3 100644 --- a/openexr.spec +++ b/openexr.spec @@ -1,7 +1,7 @@ # # spec file for package openexr # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,6 +30,8 @@ Group: Development/Libraries/C and C++ URL: https://www.openexr.com/ Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz Source2: baselibs.conf +# CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute +Patch0: openexr-CVE-2021-45942.patch BuildRequires: cmake >= 3.12 BuildRequires: fltk-devel BuildRequires: freeglut-devel