Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
References
Configurations
History
26 Feb 2024, 16:27
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Feb 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. |
09 Feb 2024, 20:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
References | () https://takeonme.org/cves/CVE-2023-5841.html - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
First Time |
Openexr
Openexr openexr |
01 Feb 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-01 19:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-5841
Mitre link : CVE-2023-5841
CVE.ORG link : CVE-2023-5841
JSON object : View
Products Affected
openexr
- openexr