Vulnerability Description
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openexr | Openexr | <= 3.2.1 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://takeonme.org/cves/CVE-2023-5841.htmlExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2024/Sep/32
- http://seclists.org/fulldisclosure/2024/Sep/34
- http://seclists.org/fulldisclosure/2024/Sep/36
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://takeonme.org/cves/CVE-2023-5841.htmlExploitThird Party Advisory
FAQ
What is CVE-2023-5841?
CVE-2023-5841 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susce...
How severe is CVE-2023-5841?
CVE-2023-5841 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-5841?
Check the references section above for vendor advisories and patch information. Affected products include: Openexr Openexr.