An integer overflow in file exrmultipart.cpp

[xiaoxiaoafeifei]

Describe the bug:
Hi, I found an integer overflow issue in file exrmultipart.cpp

To Reproduce:
Steps to reproduce the behavior:
export CC=afl-clang-fast CXX=afl-clang-fast++
export LD_LIBRARY_PATH=/usr/lib/llvm-16/lib/clang/16/lib/linux/
cmake -DCMAKE_C_FLAGS="-fsanitize=undefined,address,leak -shared-libasan" -DCMAKE_CXX_FLAGS="-fsanitize=undefined,address,leak -shared-libasan" ..
make && make install
exrmultipart -convert -i poc -o res.exr
poc file:
poc.zip

Evidence:
/root/fuzz/fuzz_openexr/openexr/src/bin/exrmultipart/exrmultipart.cpp:303:39: runtime error: signed integer overflow: 808464432 * 13569 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /root/fuzz/fuzz_openexr/openexr/src/bin/exrmultipart/exrmultipart.cpp:303:39 in

Platform information:
OS: Ubuntu 22.04.3
C++ compiler: clang-16.0.6

[xiaoxiaoafeifei]

[AFFECTED AND/OR FIXED VERSION(S)]
AFFECTED VERSION: openexr - version <= 3.2.3
FIXED VERSION: 3.2.4
(patch: 7aa89e1)

[PROBLEM TYPE] – must contain at least one: Vulnerability Type, Root Cause, or Impact:
Vulnerability Type: Integer Overflow
Impact: Denial of Service

[DESCRIPTION]
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service via the convert function of file exrmultipart.cpp.

This issue was assigned CVE-2024-31047

[cary-ilm]

CVE-2024-31047 doesn't appear to involve OpenEXR, am I missing something?

[xiaoxiaoafeifei]

Sorry, I just saw the message now. CVE-2024-31047 appears in link: https://nvd.nist.gov/vuln/detail/CVE-2024-31047