Vulnerabilites related to Academy Software Foundation - OpenEXR
cve-2023-5841
Vulnerability from cvelistv5
Published
2024-02-01 18:28
Modified
2025-02-13 17:25
Severity ?
EPSS score ?
Summary
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Academy Software Foundation | OpenEXR |
Version: 0 ≤ 3.2.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:14:24.651Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://takeonme.org/cves/CVE-2023-5841.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "OpenEXR", vendor: "Academy Software Foundation", versions: [ { lessThanOrEqual: "3.2.1", status: "affected", version: "0", versionType: "semver", }, { status: "unaffected", version: "3.2.2", }, { status: "unaffected", version: "3.1.12", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "zenofex", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "WanderingGlitch", }, { lang: "en", type: "coordinator", user: "00000000-0000-4000-9000-000000000000", value: "Austin Hackers Anonymous!", }, ], datePublic: "2024-01-31T22:35:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions <span style=\"background-color: rgb(255, 255, 255);\">v3.2.2 and v3.1.12 of the affected library.</span><br>", }, ], value: "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-25T02:06:23.585Z", orgId: "26969f82-7e87-44d8-9cb5-f6fb926ddd43", shortName: "AHA", }, references: [ { url: "https://takeonme.org/cves/CVE-2023-5841.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/", }, ], source: { discovery: "EXTERNAL", }, title: "OpenEXR Heap Overflow in Scanline Deep Data Parsing", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "26969f82-7e87-44d8-9cb5-f6fb926ddd43", assignerShortName: "AHA", cveId: "CVE-2023-5841", datePublished: "2024-02-01T18:28:05.892Z", dateReserved: "2023-10-29T23:41:19.153Z", dateUpdated: "2025-02-13T17:25:51.153Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }