An update for OpenEXR is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1218 Final 1.0 1.0 2024-03-01 Initial 2024-03-01 2024-03-01 openEuler SA Tool V1.0 2024-03-01 OpenEXR security update An update for OpenEXR is now available for openEuler-22.03-LTS-SP3. OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fix(es): Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. (CVE-2023-5841) An update for OpenEXR is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical OpenEXR https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1218 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-5841 https://nvd.nist.gov/vuln/detail/CVE-2023-5841 openEuler-22.03-LTS-SP3 OpenEXR-debugsource-3.1.5-2.oe2203sp3.aarch64.rpm OpenEXR-3.1.5-2.oe2203sp3.aarch64.rpm OpenEXR-devel-3.1.5-2.oe2203sp3.aarch64.rpm OpenEXR-libs-3.1.5-2.oe2203sp3.aarch64.rpm OpenEXR-debuginfo-3.1.5-2.oe2203sp3.aarch64.rpm OpenEXR-3.1.5-2.oe2203sp3.src.rpm OpenEXR-libs-3.1.5-2.oe2203sp3.x86_64.rpm OpenEXR-debugsource-3.1.5-2.oe2203sp3.x86_64.rpm OpenEXR-devel-3.1.5-2.oe2203sp3.x86_64.rpm OpenEXR-3.1.5-2.oe2203sp3.x86_64.rpm OpenEXR-debuginfo-3.1.5-2.oe2203sp3.x86_64.rpm Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. 2024-03-01 CVE-2023-5841 openEuler-22.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N OpenEXR security update 2024-03-01 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1218