Detections
Analytics

Debian DLA-2701-1 : openexr - LTS security update

medium Nessus Plugin ID 151368

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2701 advisory.

 - A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file. (CVE-2020-16587)

 - A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
 (CVE-2021-20296)

 - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
 (CVE-2021-23215)

 - An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. (CVE-2021-26260)

 - There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. (CVE-2021-3474)

 - There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. (CVE-2021-3475)

 - A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. (CVE-2021-3476)

 - There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. (CVE-2021-3477)

 - There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. (CVE-2021-3478)

 - There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. (CVE-2021-3479)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the openexr packages.

For Debian 9 stretch, these problems have been fixed in version 2.2.0-11+deb9u3.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986796

https://security-tracker.debian.org/tracker/source-package/openexr

https://www.debian.org/lts/security/2021/dla-2701

https://security-tracker.debian.org/tracker/CVE-2020-16587

https://security-tracker.debian.org/tracker/CVE-2021-20296

https://security-tracker.debian.org/tracker/CVE-2021-23215

https://security-tracker.debian.org/tracker/CVE-2021-26260

https://security-tracker.debian.org/tracker/CVE-2021-3474

https://security-tracker.debian.org/tracker/CVE-2021-3475

https://security-tracker.debian.org/tracker/CVE-2021-3476

https://security-tracker.debian.org/tracker/CVE-2021-3477

https://security-tracker.debian.org/tracker/CVE-2021-3478

https://security-tracker.debian.org/tracker/CVE-2021-3479

https://security-tracker.debian.org/tracker/CVE-2021-3598

https://packages.debian.org/source/stretch/openexr

Plugin Details

Severity: Medium

ID: 151368

File Name: debian_DLA-2701.nasl

Version: 1.4

Type: local

Agent: unix

Published: 7/3/2021

Updated: 12/11/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-3476

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-3598

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libopenexr-dev, cpe:/o:debian:debian_linux:9.0, p-cpe:/a:debian:debian_linux:openexr, p-cpe:/a:debian:debian_linux:libopenexr22, p-cpe:/a:debian:debian_linux:openexr-doc

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/3/2021

Vulnerability Publication Date: 12/9/2020

Reference Information

CVE: CVE-2020-16587, CVE-2021-20296, CVE-2021-23215, CVE-2021-26260, CVE-2021-3474, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-3479, CVE-2021-3598