diff --git a/CVE-2021-3605.patch b/CVE-2021-3605.patch new file mode 100644 index 0000000000000000000000000000000000000000..ea277d278ce0a1b9a8c4db6dfbd3d53a684262a2 --- /dev/null +++ b/CVE-2021-3605.patch @@ -0,0 +1,27 @@ +From 2a4f6d9ecd0c9ab2dfaf6bdb99ec962aa1ad09e9 Mon Sep 17 00:00:00 2001 +From: peterhillman +Date: Fri,4 Jun 2021 11:12:16 +1200 +Subject: [PATCH] detect buffer overflow in RleUncompress(#1036) + +--- + IlmImf/ImfRle.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/IlmImf/ImfRle.cpp b/IlmImf/ImfRle.cpp +index f6992fa..458f261 100644 +--- a/IlmImf/ImfRle.cpp ++++ b/IlmImf/ImfRle.cpp +@@ -145,6 +145,10 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[]) + + if (0 > (maxLength -= count + 1)) + return 0; ++ //check the input buffer is big enough to contain ++ //byte to be duplicated ++ if (inLength < 0) ++ return 0; + + memset(out, *(char*)in, count+1); + out += count+1; +-- +2.27.0 + diff --git a/OpenEXR.spec b/OpenEXR.spec index 8534a13a59d7b3062fb0828a4a8f7b7da20359ef..9039f3732015c2ece0163b6bfe2c992eb5b1976c 100644 --- a/OpenEXR.spec +++ b/OpenEXR.spec @@ -1,7 +1,7 @@ Name: OpenEXR Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications Version: 2.2.0 -Release: 20 +Release: 21 License: BSD URL: http://www.openexr.com/ Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz @@ -23,6 +23,7 @@ Patch0013: CVE-2021-3475.patch Patch0014: CVE-2021-23215.patch Patch0015: CVE-2021-23169.patch Patch0016: CVE-2021-26260.patch +Patch0017: CVE-2021-3605.patch BuildConflicts: %{name}-devel < 2.2.0 BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig @@ -86,6 +87,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}" %{_libdir}/pkgconfig/OpenEXR.pc %changelog +* Thu Sat 2 2021 liwu - 2.2.0-21 +- fix CVE-2021-3605 + * Tue Jun 22 2021 houyingchao - 2.2.0-20 - fix CVE-2021-23215 CVE-2021-23169 CVE-2021-26260