openexr 2.3.0-6ubuntu0.5 source package in Ubuntu

Changelog

openexr (2.3.0-6ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: shift overflow in FastHufDecoder
    - debian/patches/CVE-2021-3474.patch: compute Huf codelengths using 64
      bit to prevent shift overflow in IlmImf/ImfFastHuf.cpp.
    - CVE-2021-3474
  * SECURITY UPDATE: integer overflow in calculateNumTiles
    - debian/patches/CVE-2021-3475.patch: compute level size with 64 bits
      to avoid overflow in IlmImf/ImfTiledMisc.cpp.
    - CVE-2021-3475
  * SECURITY UPDATE: shift overflows
    - debian/patches/CVE-2021-3476.patch: ignore unused bits in B44 mode
      detection in IlmImf/ImfB44Compressor.cpp.
    - CVE-2021-3476
  * SECURITY UPDATE: out-of-bounds read via deep tile sample size
    - debian/patches/CVE-2021-3477.patch: fix overflow computing deeptile
      sample table size in IlmImf/ImfDeepTiledInputFile.cpp.
    - CVE-2021-3477
  * SECURITY UPDATE: memory consumption via input file
    - debian/patches/CVE-2021-3478-pre1.patch: reduce size limit for
      scanline files; prevent large chunkoffset allocations in
      IlmImf/ImfCompressor.cpp, IlmImf/ImfCompressor.h, IlmImf/ImfMisc.cpp,
      IlmImf/ImfMultiPartInputFile.cpp, IlmImf/ImfScanLineInputFile.cpp.
    - debian/patches/CVE-2021-3478.patch: sanity check ScanlineInput
      bytesPerLine instead of lineOffset size in
      IlmImf/ImfScanLineInputFile.cpp.
    - CVE-2021-3478
  * SECURITY UPDATE: memory consumption in scanline API
    - debian/patches/CVE-2021-3479-pre1.patch: address issues reported by
      Undefined Behavior Sanitizer in IlmImf/ImfInputFile.cpp.
    - debian/patches/CVE-2021-3479.patch: more efficient handling of filled
      channels reading tiles with scanline API in IlmImf/ImfInputFile.cpp,
      IlmImfTest/testScanLineApi.cpp.
    - CVE-2021-3479

 -- Marc Deslauriers <email address hidden>  Thu, 01 Apr 2021 08:47:09 -0400

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: any all
Section: graphics
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Focal updates universe graphics
Focal security universe graphics

Downloads

File Size SHA-256 Checksum
openexr_2.3.0.orig.tar.gz 17.6 MiB 1dea3145eb3962025e27edb99c97e8cfc67d6310403bbd643e97c364ebf8ff09
openexr_2.3.0.orig.tar.gz.asc 566 bytes 809172c26aacae76d2caf92d13015ec829853f1ea9b25512c0307c66005e4dcc
openexr_2.3.0-6ubuntu0.5.debian.tar.xz 39.4 KiB c9fdbfa07402ff13676d891ce9d96f52c1a94c4e7d48960ad04295a780e666d8
openexr_2.3.0-6ubuntu0.5.dsc 2.6 KiB 7bfa485fadf5109cbefc7545b4b8ddcb4ce9e9f0e33001c731531f54c281c218


Binary packages built by this source

libopenexr-dev: development files for the OpenEXR image library

 OpenEXR is a high dynamic-range (HDR) image file format developed by
 Industrial Light & Magic for use in computer imaging applications.
 .
 OpenEXR's features include:
    * Higher dynamic range and colour precision than existing 8- and
      10-bit image file formats.
    * Support for the "half" 16-bit floating-point pixel format.
    * Multiple lossless image compression algorithms. Some of the
      included codecs can achieve 2:1 lossless compression ratios on
      images with film grain.
    * Extensibility. New compression codecs and image types can easily
      be added by extending the C++ classes included in the OpenEXR
      software distribution. New image attributes (strings, vectors,
      integers, etc.) can be added to OpenEXR image headers without
      affecting backward compatibility with existing OpenEXR
      applications.
 .
 This package contains the header files required if you wish to
 compile/develop applications that use OpenEXR libraries.

libopenexr24: runtime files for the OpenEXR image library

 This package contains the following shared library:
    * IlmImf - a library that reads and writes OpenEXR images.

libopenexr24-dbgsym: debug symbols for libopenexr24

openexr: command-line tools for the OpenEXR image format

 This package contains the following tools:
    * exrheader, a utility for dumping header information.
    * exrstdattr, a utility for modifying OpenEXR standard attributes.
    * exrmaketiled, for generating tiled and rip/mipmapped images.
    * exrenvmap, for creating OpenEXR environment maps.
    * exrmakepreview, for creating preview images for OpenEXR files.

openexr-dbgsym: debug symbols for openexr

openexr-doc: documentation and examples for the OpenEXR image format

 This package contains documentation for the format and examples