FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenEXR -- heap buffer overflow in internal_huf_decompress

Affected packages
openexr < 3.1.9

Details

VuXML ID: 06428d91-152e-11ee-8b14-dbdd62da85fb
Discovery: 2023-05-28
Entry: 2023-06-27

oss-fuzz reports:

heap buffer overflow in internal_huf_decompress.

Cary Phillips reports:

v3.1.9 - Patch release that addresses [...] also OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress

Kimball Thurston reports:

Fix scenario where malformed dwa file could read past end of buffer - fixes OSS-Fuzz 59382

References

URL https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382
URL https://github.com/AcademySoftwareFoundation/openexr/commit/e431f7e189d0785bb84a5bfb83391e9e58590c49
URL https://github.com/AcademySoftwareFoundation/openexr/pull/1439
URL https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.9