Advisories ยป MGASA-2018-0032

Updated OpenEXR packages fix security vulnerability

Publication date: 03 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9110 , CVE-2017-9112 , CVE-2017-9116

Description

In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in
ImfHuf.cpp could cause the application to crash (CVE-2017-9110).

In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in
ImfHuf.cpp could cause the application to crash (CVE-2017-9112).

In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in
ImfZip.cpp could cause the application to crash (CVE-2017-9116).
                

References

SRPMS

5/core