An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.2.0-10ubuntu2.2", "binary_name": "libopenexr-dev" }, { "binary_version": "2.2.0-10ubuntu2.2", "binary_name": "libopenexr22" }, { "binary_version": "2.2.0-10ubuntu2.2", "binary_name": "libopenexr22-dbgsym" }, { "binary_version": "2.2.0-10ubuntu2.2", "binary_name": "openexr" }, { "binary_version": "2.2.0-10ubuntu2.2", "binary_name": "openexr-dbgsym" }, { "binary_version": "2.2.0-10ubuntu2.2", "binary_name": "openexr-doc" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.2.0-11.1ubuntu1.2", "binary_name": "libopenexr-dev" }, { "binary_version": "2.2.0-11.1ubuntu1.2", "binary_name": "libopenexr22" }, { "binary_version": "2.2.0-11.1ubuntu1.2", "binary_name": "libopenexr22-dbgsym" }, { "binary_version": "2.2.0-11.1ubuntu1.2", "binary_name": "openexr" }, { "binary_version": "2.2.0-11.1ubuntu1.2", "binary_name": "openexr-dbgsym" }, { "binary_version": "2.2.0-11.1ubuntu1.2", "binary_name": "openexr-doc" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.3.0-6ubuntu0.1", "binary_name": "libopenexr-dev" }, { "binary_version": "2.3.0-6ubuntu0.1", "binary_name": "libopenexr24" }, { "binary_version": "2.3.0-6ubuntu0.1", "binary_name": "libopenexr24-dbgsym" }, { "binary_version": "2.3.0-6ubuntu0.1", "binary_name": "openexr" }, { "binary_version": "2.3.0-6ubuntu0.1", "binary_name": "openexr-dbgsym" }, { "binary_version": "2.3.0-6ubuntu0.1", "binary_name": "openexr-doc" } ] }