OpenEXR v2.4.1 Release Notes
Release Date: 2020-02-11 // about 4 years ago-
๐ Patch release with minor bug fixes.
Summary
- ๐ Various fixes for memory leaks and invalid memory accesses
- ๐ Various fixes for integer overflow with large images.
- ๐ Various cmake fixes for build/install of python modules.
- ImfMisc.h is no longer installed, since it's a private header.
๐ Security Vulnerabilities
๐ This version fixes the following security vulnerabilities:
- CVE-2020-11765 There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::ClasGsifier, leading to an out-of-bounds read.
- CVE-2020-11764 There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
- CVE-2020-11763 There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
- CVE-2020-11762 There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
- CVE-2020-11761 There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
- CVE-2020-11760 There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
- CVE-2020-11759 Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
- โก๏ธ CVE-2020-11758 There is an out-of-bounds read in ImfOptimizedPixelReading.h.
๐ Merged Pull Requests
- 659 fix memory leaks and invalid memory accesses
- ๐ 609 Fixes #593, others - issues with pyilmbase install
- 605 No longer install ImfMisc.h
- โก๏ธ 603 Update Azure build to work with new RB-2.4 branch.
- 596 Add Boost::Python to Python modules link libraries
- 592 Take DESTDIR into account when creating library symlinks
- 589 Fix int32 overflow bugs with deep images
๐ฒ Commits [ git log v2.4.0...v2.4.1]
fix memory leaks and invalid memory accesses ([Peter Hillman](@[email protected]) 2020-02-08)
๐ Fix overzealous removal of if statements breaking all builds except win32 ([Kimball Thurston](@[email protected]) 2019-11-07)
Handle python2 not being installed, but python3 being present ([Kimball Thurston](@[email protected]) 2019-11-07)
Fix issue with defines not being set correctly for win32 ([Kimball Thurston](@[email protected]) 2019-11-07)
Re-enable Boost_NO_BOOST_CMAKE by default, document, clean up status messages ([Kimball Thurston](@[email protected]) 2019-11-07)
โ Set CMP0074 such that people who set Boost_ROOT won't get warnings ([Kimball Thurston](@[email protected]) 2019-11-07)
ensure paths are canonicalized by get_filename_component prior to comparing ([Kimball Thurston](@[email protected]) 2019-11-07)
๐ Fix issue with drive letter under windows ([Kimball Thurston](@[email protected]) 2019-11-06)
Extract to function, protect against infinite loop ([Kimball Thurston](@[email protected]) 2019-11-06)
๐ Fixes #593, others - issues with pyilmbase install ([Kimball Thurston](@[email protected]) 2019-11-05)
๐ง Take DESTDIR into account when creating library symlinks ([Antonio Rojas](@[email protected]) 2019-10-19)
No longer install ImfMisc.h ([Cary Phillips](@[email protected]) 2019-10-31)
add boost to python module link library ([Jens Lindgren](@[email protected]) 2019-10-22)
โก๏ธ Update Azure build to work with new branch. ([Christina Tempelaar-Lietz](@[email protected]) 2019-10-26)
Fix int32 overflow bugs with deep images ([Larry Gritz](@[email protected]) 2019-10-17)
๐ Prepare 2.4 release branch ([Larry Gritz](@[email protected]) 2019-10-24)