diff --git a/openexr-CVE-2026-42216.patch b/openexr-CVE-2026-42216.patch new file mode 100644 index 0000000..7e743f2 --- /dev/null +++ b/openexr-CVE-2026-42216.patch @@ -0,0 +1,17 @@ +diff -ruNp a/src/lib/OpenEXR/ImfIDManifest.cpp b/src/lib/OpenEXR/ImfIDManifest.cpp +--- a/src/lib/OpenEXR/ImfIDManifest.cpp 2026-06-25 11:37:35.541229769 +0200 ++++ b/src/lib/OpenEXR/ImfIDManifest.cpp 2026-06-25 11:39:22.576872688 +0200 +@@ -359,6 +359,13 @@ void IDManifest::init(const char* data, + // + // previous string had more than 255 characters? + // ++ const size_t minPrefixLen = ++ stringList[i - 1].size () > 255 ? size_t (2) : size_t (1); ++ if (stringList[i].size () < minPrefixLen) ++ { ++ throw IEX_NAMESPACE::InputExc ( ++ "IDManifest string too small for common prefix length"); ++ } + if(stringList[i-1].size()>255) + { + common = size_t( ((unsigned char) (stringList[i][0])) <<8 ) + size_t( (unsigned char) (stringList[i][1])); diff --git a/openexr.spec b/openexr.spec index 712571f..d3eb6c9 100644 --- a/openexr.spec +++ b/openexr.spec @@ -25,6 +25,8 @@ Patch4: openexr-CVE-2026-27622.patch Patch5: openexr-CVE-2026-34588.patch # Fix CVE-2026-41142 Patch6: openexr-CVE-2026-41142.patch +# Fix CVE-2026-42216 +Patch7: openexr-CVE-2026-42216.patch BuildRequires: cmake gcc gcc-c++ BuildRequires: boost-devel @@ -166,6 +168,7 @@ EXCLUDE_REGEX='ReadDeep|DWA[AB]Compression|testCompression|Rgba|SampleImages|Sha %changelog * Thu Jun 25 2026 Josef Ridky - 3.1.10-12 - fix CVE-2026-41142 +- fix CVE-2026-42216 * Tue Apr 28 2026 Josef Ridky - 3.1.10-11 - fix rpmspec error