Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
References
Configurations
History
21 Nov 2024, 08:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/ - | |
References | () https://takeonme.org/cves/CVE-2023-5841.html - Exploit, Third Party Advisory |
26 Feb 2024, 16:27
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Feb 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. |
09 Feb 2024, 20:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Openexr
Openexr openexr |
|
CWE | CWE-787 | |
References | () https://takeonme.org/cves/CVE-2023-5841.html - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CPE | cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* |
01 Feb 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-01 19:15
Updated : 2024-11-21 08:42
NVD link : CVE-2023-5841
Mitre link : CVE-2023-5841
CVE.ORG link : CVE-2023-5841
JSON object : View
Products Affected
openexr
- openexr