diff --git a/CVE-2020-16588.patch b/CVE-2020-16588.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c49db03ce8deffdd5a5cab660800b0c1f9234b59
--- /dev/null
+++ b/CVE-2020-16588.patch
@@ -0,0 +1,30 @@
+From 74504503cff86e986bac441213c403b0ba28d58f Fri Jul 04 00:00:00 2025
+From: peterhillman
+Date: Tue, 8 Jul 2025 00:39:50 +0800
+Subject: Fix logic for 1 pixel high/wide preview image
+
+Origin:https://github.com/AcademySoftwareFoundation/openexr/pull/497
+
+Signed-off-by: lipenguyu
+---
+ exrmakepreview/makePreview.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exrmakepreview/makePreview.cpp b/exrmakepreview/makePreview.cpp
+index dc2b1da..2685d89 100644
+--- a/exrmakepreview/makePreview.cpp
++++ b/exrmakepreview/makePreview.cpp
+@@ -120,8 +120,8 @@ generatePreview (const char inFileName[],
+ previewHeight = max (int (h / (w * a) * previewWidth + .5f), 1);
+ previewPixels.resizeErase (previewHeight, previewWidth);
+
+- float fx = (previewWidth > 0)? (float (w - 1) / (previewWidth - 1)): 1;
+- float fy = (previewHeight > 0)? (float (h - 1) / (previewHeight - 1)): 1;
++ float fx = (previewWidth > 1)? (float (w - 1) / (previewWidth - 1)): 1;
++ float fy = (previewHeight > 1)? (float (h - 1) / (previewHeight - 1)): 1;
+ float m = Math::pow (2.f, clamp (exposure + 2.47393f, -20.f, 20.f));
+
+ for (int y = 0; y < previewHeight; ++y)
+--
+2.23.0
+
diff --git a/CVE-2021-3478.patch b/CVE-2021-3478.patch
deleted file mode 100644
index 1a09a4ef10b62fd6383ff5524b0441effc322c87..0000000000000000000000000000000000000000
--- a/CVE-2021-3478.patch
+++ /dev/null
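Review bot: The context line `previewHeight = max (int (h / (w * a) * previewWidth + .5f), 1);` just above the corrected guards still casts an unchecked float to `int`, and the patch leaves it as is. `w`, `h` and `a` are defined outside this hunk; if they derive from the input file's header, as the function name suggests, a zero `w` or a zero, negative or non-finite `a` makes the expression infinite or NaN, so the cast is undefined and `resizeErase` may be asked for an arbitrary size. The new `> 1` guards only remove the divide-by-zero for a 1-pixel-wide or 1-pixel-high preview. I would compute the value into a float first and reject the file unless it is finite and below a project-chosen limit, e.g. `if (!(ph < float (MAX_PREVIEW_DIM))) throw ...;` (placeholder name), before the cast. generatePreview's body starts and continues outside the hunk.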
@@ -1,35 +0,0 @@
-From bc88cdb6c97fbf5bc5d11ad8ca55306da931283a Mon Sep 17 00:00:00 2001
-From: peterhillman
-Date: Fri, 20 Nov 2020 08:30:08 +1300
-Subject: [PATCH] sanity check ScanlineInput bytesPerLine instead of lineOffset
- size (#863)
-
-Signed-off-by: Peter Hillman
-
-Co-authored-by: Cary Phillips
----
- IlmImf/ImfScanLineInputFile.cpp | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/IlmImf/ImfScanLineInputFile.cpp b/IlmImf/ImfScanLineInputFile.cpp
-index 649fc304b..54caec01d 100644
---- a/IlmImf/ImfScanLineInputFile.cpp
-+++ b/IlmImf/ImfScanLineInputFile.cpp
-@@ -1135,14 +1135,14 @@ void ScanLineInputFile::initialize(const Header& header)
- _data->linesInBuffer) / _data->linesInBuffer;
-
- //
-- // avoid allocating excessive memory due to large lineOffsets table size.
-+ // avoid allocating excessive memory due to large lineOffsets and bytesPerLine table sizes.
- // If the chunktablesize claims to be large,
-- // check the file is big enough to contain the table before allocating memory
-+ // check the file is big enough to contain the lineOffsets table before allocating memory
- // in the bytesPerLineTable and the lineOffsets table.
- // Attempt to read the last entry in the table. Either the seekg() or the read()
- // call will throw an exception if the file is too small to contain the table
- //
-- if (lineOffsetSize > gLargeChunkTableSize)
-+ if (lineOffsetSize * _data->linesInBuffer > gLargeChunkTableSize)
- {
- Int64 pos = _streamData->is->tellg();
- _streamData->is->seekg(pos + (lineOffsetSize-1)*sizeof(Int64));
diff --git a/OpenEXR.spec b/OpenEXR.spec
index a6aa60b743a516f07fe710fc7f64b481a749c1d8..290ab36518f68bfa503be564092dff435576d8f3 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,7 +1,7 @@ Name: OpenEXR Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications Version: 2.2.0 -Release: 29 +Release: 30 License: BSD URL: http://www.openexr.com/ Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz @@ -40,6 +40,7 @@ Patch0026: CVE-2021-3933.patch Patch0027: CVE-2021-20304.patch Patch0028: CVE-2021-20298.patch Patch0029: CVE-2024-31047.patch +Patch0030: CVE-2020-16588.patch BuildConflicts: %{name}-devel < 2.2.0 BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig @@ -103,6 +104,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}" %{_libdir}/pkgconfig/OpenEXR.pc %changelog +* Tue Jul 8 2025 lipengyu - 2.2.0-30 +- Fix CVE-2020-16588 + * Wed Apr 17 2024 wangkai <13474090681@163.com> - 2.2.0-29 - Fix CVE-2024-31047
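Review bot: `CVE-2021-3478.patch` is deleted by this commit, yet the patch-list hunk (`@@ -40,6 +40,7 @@`) only adds `Patch0030` and no spec hunk removes a `Patch` entry for the deleted file. If the spec still lists that file outside the visible hunks, `%prep` will fail on the missing patch; if it never listed it, the fix was not being applied and the package's status for CVE-2021-3478 should be recorded. The new changelog entry mentions only CVE-2020-16588, so I would add a line such as `- Remove unused CVE-2021-3478.patch` with the actual reason once it is confirmed. Separately, the changelog name `lipengyu` differs from `Signed-off-by: lipenguyu` in the added patch header; one of the two is presumably a typo.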