AcademySoftwareFoundation / openexr

The OpenEXR project provides the specification and reference implementation of the EXR file format, the professional-grade image storage format of the motion picture industry.
http://www.openexr.com/
BSD 3-Clause "New" or "Revised" License

An integer overflow in file exrmultipart.cpp #1680

Closed xiaoxiaoafeifei closed 4 months ago

xiaoxiaoafeifei commented 4 months ago

Describe the bug: Hi, I found an integer overflow issue in file exrmultipart.cpp

To Reproduce: Steps to reproduce the behavior:

    export CC=afl-clang-fast CXX=afl-clang-fast++
    export LD_LIBRARY_PATH=/usr/lib/llvm-16/lib/clang/16/lib/linux/
    cmake -DCMAKE_C_FLAGS="-fsanitize=undefined,address,leak -shared-libasan" -DCMAKE_CXX_FLAGS="-fsanitize=undefined,address,leak -shared-libasan" ..
    make && make install
    exrmultipart -convert -i poc -o res.exr

poc file: poc.zip

Evidence:

    /root/fuzz/fuzz_openexr/openexr/src/bin/exrmultipart/exrmultipart.cpp:303:39: runtime error: signed integer overflow: 808464432 * 13569 cannot be represented in type 'int'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /root/fuzz/fuzz_openexr/openexr/src/bin/exrmultipart/exrmultipart.cpp:303:39 in

Platform information:
OS: Ubuntu 22.04.3
C++ compiler: clang-16.0.6
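An overflow-checked multiplication for the kind of product the sanitizer flagged, as an added example that is not part of the original issue and not the OpenEXR fix (patch 7aa89e1 is not shown on this page). `checked_mul` and `checked_product` are hypothetical names, and the report does not say what the two operands at line 303 represent, so they are treated here as generic file-supplied fields.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

static_assert(sizeof(int) == 4, "example assumes 32-bit int, as in the report");

// Multiply two ints read from untrusted input without ever evaluating an
// overflowing signed product (undefined behaviour in C++). Any product of two
// 32-bit ints fits in int64_t, so widen first and range-check afterwards.
bool checked_mul(int a, int b, int* out) {
    const std::int64_t wide = static_cast<std::int64_t>(a) * b;
    if (wide < std::numeric_limits<int>::min() ||
        wide > std::numeric_limits<int>::max())
        return false;
    *out = static_cast<int>(wide);
    return true;
}

// Hypothetical helper: product of several file-supplied, non-negative fields
// (counts, sizes). Fails closed on a negative field or on overflow.
bool checked_product(const int* fields, std::size_t n, int* out) {
    int acc = 1;
    for (std::size_t i = 0; i < n; ++i) {
        if (fields[i] < 0 || !checked_mul(acc, fields[i], &acc))
            return false;
    }
    *out = acc;
    return true;
}

int main() {
    // Operands copied from the sanitizer report; 808464432 is 0x30303030.
    const int reported[] = {808464432, 13569};
    int result = 0;
    if (checked_product(reported, 2, &result))
        std::printf("product = %d\n", result);
    else
        std::puts("rejected: product does not fit in int");
    return 0;
}
```

Building a caller like this with the same `-fsanitize=undefined` flags used in the report confirms that the checked path raises no signed-overflow diagnostic for these operands.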

xiaoxiaoafeifei commented 3 months ago

[AFFECTED AND/OR FIXED VERSION(S)]
AFFECTED VERSION: openexr - version <= 3.2.3
FIXED VERSION: 3.2.4 (patch: 7aa89e1)

[PROBLEM TYPE] – must contain at least one: Vulnerability Type, Root Cause, or Impact:
Vulnerability Type: Integer Overflow
Impact: Denial of Service

[DESCRIPTION] An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service via the convert function of file exrmultipart.cpp.

This issue was assigned CVE-2024-31047

cary-ilm commented 3 months ago

CVE-2024-31047 doesn't appear to involve OpenEXR, am I missing something?

xiaoxiaoafeifei commented 3 months ago

Sorry, I just saw the message now. CVE-2024-31047 appears in link: https://nvd.nist.gov/vuln/detail/CVE-2024-31047