From b8da2fa117c6ed997f7563982dc3399812507e56 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Fri, 19 Sep 2025 09:22:11 +0800
Subject: [PATCH] Fix CVE-2021-3941

---
 CVE-2021-3941.patch | 92 +++++++++++++++++++++++++++++++++++++++++++++
 OpenEXR.spec | 6 ++-
 2 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-3941.patch

diff --git a/CVE-2021-3941.patch b/CVE-2021-3941.patch
new file mode 100644
index 0000000..2f25f22
--- /dev/null
+++ b/CVE-2021-3941.patch
@@ -0,0 +1,92 @@
+From: Markus Koschany
+Date: Thu, 8 Dec 2022 12:10:03 +0100
+Subject: CVE-2021-3941
+
+Bug-Debian: https://bugs.debian.org/1014828
+Origin: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed
+---
+ IlmImf/ImfChromaticities.cpp | 43 ++++++++++++++++++++++++++++++------
+ 1 file changed, 36 insertions(+), 7 deletions(-)
+
+diff --git a/IlmImf/ImfChromaticities.cpp b/IlmImf/ImfChromaticities.cpp
+index c073208..9129f8f 100644
+--- a/IlmImf/ImfChromaticities.cpp
++++ b/IlmImf/ImfChromaticities.cpp
+@@ -44,6 +44,10 @@
+ #include "ImfNamespace.h"
+ #include
+
++
++#include
++#include
++
+ OPENEXR_IMF_INTERNAL_NAMESPACE_SOURCE_ENTER
+
+
+@@ -90,34 +94,59 @@ RGBtoXYZ (const Chromaticities &chroma, float Y)
+ // X and Z values of RGB value (1, 1, 1), or "white"
+ //
+
++ // prevent a division that rounds to zero
++ if (abs(chroma.white.y) <= 1.f && abs(chroma.white.x * Y) >= abs(chroma.white.y) * FLT_MAX)
++ {
++ throw std::invalid_argument("Bad chromaticities: white.y cannot be zero");
++ }
++
+ float X = chroma.white.x * Y / chroma.white.y;
+ float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;
+
+ //
+- // Scale factors for matrix rows
++ // Scale factors for matrix rows, compute numerators and common denominator
+ //
+
+ float d = chroma.red.x * (chroma.blue.y - chroma.green.y) +
+ chroma.blue.x * (chroma.green.y - chroma.red.y) +
+ chroma.green.x * (chroma.red.y - chroma.blue.y);
+
+- float Sr = (X * (chroma.blue.y - chroma.green.y) -
++
++
++ float SrN = (X * (chroma.blue.y - chroma.green.y) -
+ chroma.green.x * (Y * (chroma.blue.y - 1) +
+ chroma.blue.y * (X + Z)) +
+ chroma.blue.x * (Y * (chroma.green.y - 1) +
+- chroma.green.y * (X + Z))) / d;
++ chroma.green.y * (X + Z)));
++
+
+- float Sg = (X * (chroma.red.y - chroma.blue.y) +
++ float SgN = (X * (chroma.red.y - chroma.blue.y) +
+ chroma.red.x * (Y * (chroma.blue.y - 1) +
+ chroma.blue.y * (X + Z)) -
+ chroma.blue.x * (Y * (chroma.red.y - 1) +
+- chroma.red.y * (X + Z))) / d;
++ chroma.red.y * (X + Z)));
+
+- float Sb = (X * (chroma.green.y - chroma.red.y) -
++ float SbN = (X * (chroma.green.y - chroma.red.y) -
+ chroma.red.x * (Y * (chroma.green.y - 1) +
+ chroma.green.y * (X + Z)) +
+ chroma.green.x * (Y * (chroma.red.y - 1) +
+- chroma.red.y * (X + Z))) / d;
++ chroma.red.y * (X + Z)));
++
++
++ if ( abs(d)<1.f && (abs(SrN) >= abs(d)* FLT_MAX || abs(SgN) >= abs(d)* FLT_MAX || abs(SbN) >= abs(d)* FLT_MAX) )
++ {
++ // cannot generate matrix if all RGB primaries have the same y value
++ // or if they all have the an x value of zero
++ // in both cases, the primaries are colinear, which makes them unusable
++ throw std::invalid_argument("Bad chromaticities: RGBtoXYZ matrix is degenerate");
++ }
++
++
++
++ float Sr = SrN / d;
++ float Sg = SgN / d;
++ float Sb = SbN / d;
++
+
+ //
+ // Assemble the matrix
diff --git a/OpenEXR.spec b/OpenEXR.spec
index 290ab36..a1622d4 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,7 +1,7 @@
 Name: OpenEXR
 Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version: 2.2.0
-Release: 30
+Release: 31
 License: BSD
 URL: http://www.openexr.com/
 Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@@ -41,6 +41,7 @@ Patch0027: CVE-2021-20304.patch
 Patch0028: CVE-2021-20298.patch
 Patch0029: CVE-2024-31047.patch
 Patch0030: CVE-2020-16588.patch
+Patch0031: CVE-2021-3941.patch

 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@@ -104,6 +105,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc

 %changelog
+* Fri Sep 19 2025 yaoxin <1024769339@qq.com> - 2.2.0-31
+- Fix CVE-2021-3941
+
 * Tue Jul 8 2025 lipengyu - 2.2.0-30
 - Fix CVE-2020-16588

-- 
Gitee
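Review bot: The new guards in RGBtoXYZ call unqualified `abs` on float operands (`abs(chroma.white.y)`, `abs(d)`, `abs(SrN)`, `abs(SgN)`, `abs(SbN)`), and the two header names added at `@@ -44,6 +44,10 @@` are not legible on this page, so it cannot be confirmed here that a floating-point overload is in scope. If only the C `int abs(int)` is visible at that point, every operand is silently truncated: `abs(chroma.white.y)` is 0 for any white point with 0 < y < 1, so the first guard throws for every ordinary chromaticity set, while the degenerate-matrix guard can let a near-zero `d` through and the original division-overflow the patch targets is no longer prevented. Writing the comparisons as `std::fabs(...)` with an explicit `#include <cmath>`, e.g. `if (std::fabs(chroma.white.y) <= 1.f && std::fabs(chroma.white.x * Y) >= std::fabs(chroma.white.y) * FLT_MAX)`, removes the dependence on which `abs` the include order happens to provide; RGBtoXYZ itself begins before and ends after this hunk. It is also worth confirming that the build applies the new file, since the spec change only registers `Patch0031:` and the `%prep` section is outside this diff.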