{"id":"MGASA-2021-0015","summary":"Updated openexr packages fix security vulnerabilities","details":"An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file\ncould cause invalid memory access in TiledInputFile::TiledInputFile() in\nIlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference\n(CVE-2020-15304).\n\nAn issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a\nuse-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in\nIlmImf/ImfDeepScanLineInputFile.cpp (CVE-2020-15305).\n\nAn issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes\ncould cause a heap buffer overflow in getChunkOffsetTableSize() in\nIlmImf/ImfMisc.cpp (CVE-2020-15306).\n\nA heap-based buffer overflow vulnerability exists in Academy Software\nFoundation OpenEXR 2.3.0 in chunkOffsetReconstruction in\nImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR\nfile (CVE-2020-16587).\n\nA Null Pointer Deference issue exists in Academy Software Foundation OpenEXR\n2.3.0 in generatePreview in makePreview.cpp that can cause a denial of\nservice via a crafted EXR file (CVE-2020-16588).\n\nA head-based buffer overflow exists in Academy Software Foundation OpenEXR\n2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of\nservice via a crafted EXR file (CVE-2020-16589).\n","modified":"2026-02-02T04:27:46.956217Z","published":"2021-01-10T19:46:12Z","related":["CVE-2020-15304","CVE-2020-15305","CVE-2020-15306","CVE-2020-16587","CVE-2020-16588","CVE-2020-16589"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0015.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26914"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-4418-1"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-4676-1"}],"affected":[{"package":{"name":"openexr","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/openexr?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.0-2.3.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0015.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}