REDHAT-BUG-2455408: High severity OpenEXR vulnerability
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions from 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer using signed 32-bit arithmetic. Because nx, ny, and wcount are all int, a crafted EXR file can choose dimensions whose product overflows and wraps, so the next channel is decoded from an incorrect address. The wavelet decode path operates in place on that buffer, so the wrapped offset yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
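The arithmetic pattern described above, as an added illustration that is not OpenEXR source code: the unchecked stride wraps when nx*ny*wcount exceeds INT32_MAX, and a checked variant refuses the product before it is used to advance a pointer. The function names, the use of unsigned arithmetic to make the wrap deterministic (signed overflow is undefined in C), and the assumption that the stride is counted in buffer elements are all mine.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative model of the vulnerable pattern (not OpenEXR code): the
 * per-channel stride is computed as a 32-bit int. The wrap is modelled
 * with uint32_t so the example behaves the same on every compiler. */
static long long channel_stride_unchecked(int nx, int ny, int wcount)
{
    uint32_t prod = (uint32_t)nx * (uint32_t)ny * (uint32_t)wcount;
    return (int32_t)prod;          /* negative or tiny when it wrapped */
}

/* Hardened variant: compute in 64 bits, reject negative inputs, reject a
 * product that does not fit in 31 bits or that exceeds the remaining room
 * in the buffer. Returns the stride, or -1 if the file is unsafe to decode. */
static long long channel_stride_checked(int nx, int ny, int wcount,
                                        size_t room_left)
{
    if (nx < 0 || ny < 0 || wcount < 0)
        return -1;
    uint64_t prod = (uint64_t)nx * (uint64_t)ny;
    if (prod > INT32_MAX)
        return -1;
    prod *= (uint64_t)wcount;
    if (prod > INT32_MAX || prod > room_left)
        return -1;
    return (long long)prod;
}

/* Simulates walking the in-place decode buffer across nchan channels that
 * share nx, ny and wcount. Returns 1 if every channel's region lies inside
 * the buf_len-element buffer, 0 if any stride overflowed or ran past the end. */
static int walk_channels_checked(int nchan, int nx, int ny, int wcount,
                                 size_t buf_len)
{
    size_t offset = 0;
    for (int c = 0; c < nchan; c++) {
        long long stride = channel_stride_checked(nx, ny, wcount,
                                                  buf_len - offset);
        if (stride < 0)
            return 0;
        offset += (size_t)stride;
    }
    return 1;
}

int main(void)
{
    /* Constructed inputs: a legitimate 1920x1080 two-sample channel, and two
     * crafted dimension sets whose product wraps a 32-bit int. */
    printf("1920x1080x2 unchecked: %lld\n",
           channel_stride_unchecked(1920, 1080, 2));
    printf("46341x46341x1 unchecked: %lld (negative: pointer moves backward)\n",
           channel_stride_unchecked(46341, 46341, 1));
    printf("65536x65536x1 unchecked: %lld (zero: next channel aliases this one)\n",
           channel_stride_unchecked(65536, 65536, 1));
    printf("46341x46341x1 checked: %lld\n",
           channel_stride_checked(46341, 46341, 1, SIZE_MAX));
    printf("3 channels in exact buffer: %d\n",
           walk_channels_checked(3, 1920, 1080, 2, (size_t)3 * 1920 * 1080 * 2));
    return 0;
}
```

The two crafted cases show the two failure shapes the advisory describes: a wrap to a negative value sends the working pointer before the buffer, and a wrap to zero leaves it in place so the following channel decodes over the previous one.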
Frequently Asked Questions
What is the severity of REDHAT-BUG-2455408?
The severity of REDHAT-BUG-2455408 is considered to be high because a crafted EXR file can trigger an integer overflow that leads to out-of-bounds reads and writes during in-place wavelet decoding, which is memory corruption rather than mere data corruption.
How do I fix REDHAT-BUG-2455408?
To fix REDHAT-BUG-2455408, upgrade OpenEXR to the fixed release of the branch you use: 3.2.7 or later on the 3.2 branch, 3.3.9 or later on the 3.3 branch, or 3.4.9 or later on the 3.4 branch.
What versions of OpenEXR are affected by REDHAT-BUG-2455408?
OpenEXR versions from 3.1.0 to before 3.2.7, from 3.3.0 to before 3.3.9, and from 3.4.0 to before 3.4.9 are affected by REDHAT-BUG-2455408.
What specific issue does REDHAT-BUG-2455408 address?
REDHAT-BUG-2455408 addresses a signed 32-bit integer overflow in the internal_exr_undo_piz() function: the product of nx, ny, and wcount used to advance the working wavelet pointer can wrap, so the next channel is decoded at an incorrect address and the in-place decode reads and writes outside the buffer.
Is there a workaround for REDHAT-BUG-2455408?
There are no recommended workarounds for REDHAT-BUG-2455408; upgrading is the only effective solution.