{"affected":[{"ecosystem_specific":{"binaries":[{"libIlmImf-2_2-23":"2.2.1-lp152.7.20.1","libIlmImf-2_2-23-32bit":"2.2.1-lp152.7.20.1","libIlmImfUtil-2_2-23":"2.2.1-lp152.7.20.1","libIlmImfUtil-2_2-23-32bit":"2.2.1-lp152.7.20.1","openexr":"2.2.1-lp152.7.20.1","openexr-devel":"2.2.1-lp152.7.20.1","openexr-doc":"2.2.1-lp152.7.20.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"openexr","purl":"pkg:rpm/opensuse/openexr&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.1-lp152.7.20.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for openexr fixes the following issues:\n\n- CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor\n- CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator\n- CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress\n- CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot\n- CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer\n- CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2021:1198-1","modified":"2021-08-25T19:51:46Z","published":"2021-08-25T19:51:46Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UU6C6KHVOWCVMKES2H2PK5BJGOG2DVEJ/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188457"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188458"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188459"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188460"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188461"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188462"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20298"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20299"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20300"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20302"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20303"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20304"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3476"}],"related":["CVE-2021-20298","CVE-2021-20299","CVE-2021-20300","CVE-2021-20302","CVE-2021-20303","CVE-2021-20304","CVE-2021-3476"],"summary":"Security update for openexr","upstream":["CVE-2021-20298","CVE-2021-20299","CVE-2021-20300","CVE-2021-20302","CVE-2021-20303","CVE-2021-20304","CVE-2021-3476"]}