FreeBSD: VID-803879e9-4195-11e7-9b08-080027ef73ec (CVE-2017-9113): OpenEXR -- multiple remote code execution and denial of service vulnerabilities

Brandon Perry reports: [There] is a zip file of EXR images that cause segmentation faults in the OpenEXR library (tested against 2.2.0). CVE-2017-9110 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. CVE-2017-9111 In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. CVE-2017-9112 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. CVE-2017-9113 In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. CVE-2017-9114 In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. CVE-2017-9115 In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. CVE-2017-9116 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.