{"id":"MGASA-2020-0189","summary":"Updated openexr packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nread in ImfOptimizedPixelReading.h. (CVE-2020-11758)\n\nAn issue was discovered in OpenEXR before 2.4.1. Because of integer\noverflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and\nreadSampleCountForLineBlock, an attacker can write to an out-of-bounds\npointer. (CVE-2020-11759)\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nread during RLE uncompression in rleUncompress in ImfRle.cpp.\n(CVE-2020-11760)\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nread during Huffman uncompression, as demonstrated by FastHufDecoder::refill\nin ImfFastHuf.cpp. (CVE-2020-11761)\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nread and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when\nhandling the UNKNOWN compression case. (CVE-2020-11762)\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an std::vector\nout-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.\n(CVE-2020-11763)\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds\nwrite in copyIntoFrameBuffer in ImfMisc.cpp. (CVE-2020-11764)\n\nAn issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error\nin use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier,\nleading to an out-of-bounds read. (CVE-2020-11765)\n","modified":"2026-04-16T00:10:09.516896711Z","published":"2020-05-05T12:20:37Z","upstream":["CVE-2020-11758","CVE-2020-11759","CVE-2020-11760","CVE-2020-11761","CVE-2020-11762","CVE-2020-11763","CVE-2020-11764","CVE-2020-11765"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0189.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26551"},{"type":"WEB","url":"https://usn.ubuntu.com/4339-1/"}],"affected":[{"package":{"name":"openexr","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/openexr?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.0-2.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0189.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}