Resolves: RHEL-153422 - fix CVE-2026-27622
Signed-off-by: Josef Ridky <jridky@redhat.com>
parent
62ed6862d0
commit
27f22f22bd
34
openexr-CVE-2026-27622.patch
Normal file
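--- /dev/null
+++ b/openexr-CVE-2026-27622.patch
@@ -0,0 +1,34 @@
+From a6ddaf5faa6e0e2119763ed93e5745c2ec164c2d Mon Sep 17 00:00:00 2001
+From: Cary Phillips <cary@ilm.com>
+Date: Sat, 21 Feb 2026 17:15:42 -0800
+Subject: [PATCH] Report an error if a deep pixel as more than UINT_MAX samples
+
+There was no overflow check in totalling the samples per pixel, so a
+pixel with more samples than could fit in an unsigned int would
+overflow.
+
+This formalizes a limit of 4,294,967,295 samples per pixel, which the
+library has always had by virtue of failing when attempting to add
+more.
+
+Signed-off-by: Cary Phillips <cary@ilm.com>
+---
+src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp b/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp
+index 8ac4a166bf..01b8bec411 100644
+--- a/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp
++++ b/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp
+@@ -508,6 +508,10 @@ CompositeDeepScanLine::readPixels (int start, int end)
+num_sources[ptr] = 0;
+for (size_t j = 0; j < parts; j++)
+{
++ if (total_sizes[ptr] > std::numeric_limits<unsigned int>::max() - counts[j][ptr])
++ throw IEX_NAMESPACE::ArgExc (
++ "Cannot composite scanline: pixel cannot have more than UINT_MAX samples");
++
+total_sizes[ptr] += counts[j][ptr];
+if (counts[j][ptr] > 0) num_sources[ptr]++;
+}
+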
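Review bot: The guard added at the top of the per-part loop uses `std::numeric_limits<unsigned int>::max()`, but the hunk adds no `#include <limits>`; unless ImfCompositeDeepScanLine.cpp already pulls that header in transitively, the backport can fail to build on a stricter libstdc++, so add `#include <limits>` to the file's include block. The comparison is only a correct overflow check if both `total_sizes[ptr]` and `counts[j][ptr]` are `unsigned int`, as the error message implies; their declarations are outside the hunk, so confirm this against the 3.1.10 source being patched rather than assume it matches upstream. Rejecting the file with `ArgExc` is reasonable for a malformed input, though callers that distinguish bad arguments from corrupt input may prefer `InputExc`; either way the per-pixel cap is documented only in the exception text, so a one-line comment such as `// Per-pixel sample count is unsigned int; reject input that would overflow it.` above the check would help the next backporter. readPixels begins and ends outside the hunk.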
@ -3,7 +3,7 @@
|
||||
|
||||
Name: openexr
|
||||
Version: 3.1.10
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
Summary: Provides the specification and reference implementation of the EXR file format
|
||||
|
||||
License: BSD-3-Clause
|
||||
@ -19,6 +19,8 @@ Patch2: gcc14.patch
|
||||
# https://github.com/AcademySoftwareFoundation/openexr/pull/1627
|
||||
# Backported to 3.1.10
|
||||
Patch3: openexr-3.1.10-CVE-2023-5841.patch
|
||||
# Fix CVE 2026-27622
|
||||
Patch4: openexr-CVE-2026-27622.patch
|
||||
|
||||
BuildRequires: cmake gcc gcc-c++
|
||||
BuildRequires: boost-devel
|
||||
@ -157,6 +159,9 @@ EXCLUDE_REGEX='ReadDeep|DWA[AB]Compression|testCompression|Rgba|SampleImages|Sha
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Mar 23 2026 Josef Ridky <jridky@redhat.com> - 3.1.10-9
|
||||
- fix CVE-2026-27622
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.1.10-8
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
|
||||