Fix CVE-2021-20299

CVE-2021-20299.patch

@@ -0,0 +1,26 @@
+From 7b11bbac18fc3c23c9c78ba1c4f9547c165a2613 Mon Sep 17 00:00:00 2001
+From: Peter Hillman <peterh@wetafx.co.nz>
+Date: Fri, 18 Sep 2020 08:47:21 +1200
+Subject: [PATCH] add sanity check for reading multipart files with no parts
+
+Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
+---
+ IlmImf/ImfMultiPartInputFile.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/IlmImf/ImfMultiPartInputFile.cpp b/IlmImf/ImfMultiPartInputFile.cpp
+index 689956c90..cbb2ec234 100644
+--- a/IlmImf/ImfMultiPartInputFile.cpp
++++ b/IlmImf/ImfMultiPartInputFile.cpp
+@@ -340,6 +340,11 @@ MultiPartInputFile::initialize()
+     // Perform usual check on headers.
+     //
+ 
++    if ( _data->_headers.size() == 0)
++    {
++        throw IEX_NAMESPACE::ArgExc ("Files must contain at least one header");
++    }
++
+     for (size_t i = 0; i < _data->_headers.size(); i++)
+     {
+         //

OpenEXR.spec

@@ -1,7 +1,7 @@
 Name:           OpenEXR
 Summary:        A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version:        2.2.0
-Release:        24
+Release:        25
 License:        BSD
 URL:	        http://www.openexr.com/
 Source0:        http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@@ -29,6 +29,8 @@ Patch0019:      CVE-2020-15305.patch
 Patch0020:      CVE-2020-15306.patch
 Patch0021:      CVE-2021-3605.patch
 Patch0022:      CVE-2021-20303.patch
+#https://github.com/AcademySoftwareFoundation/openexr/commit/7b11bbac18fc3c23.patch
+Patch0023:      CVE-2021-20299.patch
 
 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires:  gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@@ -92,6 +94,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc
 
 %changelog
+* Wed Mar 23 2022 yaoxin <yaoxin30@huawei.com> - 2.2.0-25
+- Fix CVE-2021-20299
+
 * Fri Mar 11 2022 yaoxin <yaoxin30@huawei.com> - 2.2.0-24
 - Fix CVE-2021-20303