Register | Log in

openexr

command-line tools for the OpenEXR image format

Choose email to subscribe with

general

source: openexr (main)
version: 2.3.0-6
maintainer: Debian PhotoTools Maintainers (archive) (DMD)
uploaders: Matteo F. Vescovi [DMD] – Mathieu Malaterre [DMD]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.6.1-8
oldstable: 2.2.0-11
stable: 2.2.1-4.1
testing: 2.3.0-6
unstable: 2.3.0-6
exp: 2.5.1-2

versioned links

1.6.1-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.0-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.1-4.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.3.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.5.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libopenexr-dev
libopenexr24
openexr (1 bugs: 1, 0, 0, 0)
openexr-doc

action needed

14 security issues in buster high

There are 14 open security issues in buster.

10 important issues:

CVE-2020-11758: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
CVE-2020-11759: An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
CVE-2020-11763: An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
CVE-2020-11762: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
CVE-2020-11761: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
CVE-2020-11760: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
CVE-2020-11765: An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
CVE-2020-11764: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2020-15305: An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-15306: An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

4 issues skipped by the security teams:

CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.

Please fix them.

Created: 2017-06-18 Last update: 2020-07-31 08:34

15 security issues in bullseye high

There are 15 open security issues in bullseye.

15 important issues:

CVE-2020-11758: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
CVE-2020-11759: An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
CVE-2020-11763: An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
CVE-2020-11762: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
CVE-2020-11761: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
CVE-2020-11760: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
CVE-2020-11765: An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
CVE-2020-11764: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
CVE-2020-15305: An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-15304: An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
CVE-2020-15306: An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

Please fix them.

Created: 2019-07-07 Last update: 2020-07-31 08:34

15 security issues in sid high

There are 15 open security issues in sid.

15 important issues:

CVE-2020-11758: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
CVE-2020-11759: An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
CVE-2020-11763: An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
CVE-2020-11762: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
CVE-2020-11761: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
CVE-2020-11760: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
CVE-2020-11765: An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
CVE-2020-11764: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
CVE-2020-15305: An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-15304: An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
CVE-2020-15306: An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

Please fix them.

Created: 2017-05-22 Last update: 2020-07-31 08:34

18 security issues in stretch high

There are 18 open security issues in stretch.

10 important issues:

CVE-2020-11758: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.
CVE-2020-11759: An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
CVE-2020-11763: An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
CVE-2020-11762: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
CVE-2020-11761: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
CVE-2020-11760: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
CVE-2020-11765: An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
CVE-2020-11764: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2020-15305: An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-15306: An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

8 issues skipped by the security teams:

CVE-2017-12596: In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
CVE-2017-9116: In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.
CVE-2017-9110: In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
CVE-2017-9112: In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.

Please fix them.

Created: 2017-05-22 Last update: 2020-07-31 08:34

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-03-21 Last update: 2020-08-03 23:44

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:33

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2019-09-03 Last update: 2019-09-03 14:14

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.0).

Created: 2019-09-29 Last update: 2020-01-21 05:06

testing migrations

This package will soon be part of the auto-openexr transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-ilmbase transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2020-06-12] Accepted openexr 2.5.1-2 (source) into experimental (Matteo F. Vescovi)
[2020-06-10] Accepted openexr 2.5.1-1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Matteo F. Vescovi)
[2020-05-11] Accepted openexr 2.5.0-1 (source) into experimental (Matteo F. Vescovi)
[2019-09-08] openexr 2.3.0-6 MIGRATED to testing (Debian testing watch)
[2019-09-02] Accepted openexr 2.3.0-6 (source) into unstable (Matteo F. Vescovi)
[2019-04-02] openexr 2.2.1-4.1 MIGRATED to testing (Debian testing watch)
[2019-03-27] Accepted openexr 2.2.1-4.1 (source i386 all) into unstable (Steinar H. Gunderson)
[2019-01-09] Accepted openexr 2.3.0-5 (source) into experimental (Mathieu Malaterre)
[2019-01-01] Accepted openexr 2.3.0-4 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
[2018-12-19] Accepted openexr 2.3.0-3 (source) into experimental (Mathieu Malaterre)
[2018-11-15] Accepted openexr 2.3.0-2 (source) into experimental (Matteo F. Vescovi)
[2018-11-10] Accepted openexr 2.3.0-1 (source) into experimental (Matteo F. Vescovi)
[2018-03-16] openexr 2.2.1-4 MIGRATED to testing (Debian testing watch)
[2018-03-11] Accepted openexr 2.2.1-4 (source) into unstable (Matteo F. Vescovi)
[2018-03-10] Accepted openexr 2.2.1-3 (source) into experimental (Matteo F. Vescovi)
[2018-03-08] Accepted openexr 2.2.1-2 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
[2018-01-10] Accepted openexr 2.2.1-1 (source amd64 all) into experimental (Matteo F. Vescovi) (signed by: Mathieu Malaterre)
[2017-09-03] openexr 2.2.0-11.1 MIGRATED to testing (Debian testing watch)
[2017-08-31] Accepted openexr 2.2.0-11.1 (source) into unstable (Markus Koschany)
[2017-08-31] Accepted openexr 1.6.1-6+deb7u1 (source amd64) into oldoldstable (Markus Koschany)
[2016-07-24] openexr 2.2.0-11 MIGRATED to testing (Debian testing watch)
[2016-07-19] Accepted openexr 2.2.0-11 (source) into unstable (Mathieu Malaterre)
[2016-03-04] openexr 2.2.0-10 MIGRATED to testing (Debian testing watch)
[2016-02-27] Accepted openexr 2.2.0-10 (source) into unstable (Matteo F. Vescovi)
[2016-02-07] openexr 2.2.0-9 MIGRATED to testing (Debian testing watch)
[2016-02-01] Accepted openexr 2.2.0-9 (source) into unstable (Matteo F. Vescovi)
[2016-01-18] Accepted openexr 2.2.0-8 (source) into experimental (Mathieu Malaterre) (signed by: Mattia Rizzolo)
[2015-10-19] Accepted openexr 2.2.0-7 (source all) into experimental (Mathieu Malaterre)
[2015-10-16] Accepted openexr 2.2.0-6 (source all) into experimental (Mathieu Malaterre)
[2015-10-06] Accepted openexr 2.2.0-5 (source) into experimental (Mathieu Malaterre) (signed by: Matteo F. Vescovi)

1
2

bugs [bug history graph]

all: 3
RC: 1
I&N: 0
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 3)
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.3.0-6ubuntu1
1 bug
patches for 2.3.0-6ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing