PT-2024-2330 · Academy Software Foundation (+5) · Openexr (+5)

Reported by: Wanderingglitch

Published: 2024-02-01 · Updated: 2026-05-11

CVE-2023-5841

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Academy Software Foundation OpenEXR image parsing library, versions 3.2.1 and prior.
Description: The issue is caused by a failure to validate the number of scanline samples in an OpenEXR file containing deep scanline data, leading to a heap-based buffer overflow. This allows a remote attacker to read or write arbitrary data. The vulnerability was resolved in versions v3.2.2 and v3.1.12 of the affected library.
Recommendations: For versions 3.2.1 and prior, update to version v3.2.2 or v3.1.12 to resolve the issue. As a temporary workaround, consider restricting the use of OpenEXR files containing deep scanline data until the fixed version can be deployed.

Tags: Exploit · Fix · Memory Corruption · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:8800
ALSA-2024:9548
ALSA-2024_8800
ALSA-2024_9548
AZL-62324
BDU:2024-02272
CVE-2023-5841
ELSA-2024-8800
ELSA-2024-9548
INFSA-2024_8800
INFSA-2024_9548
JLSEC-2026-133
OESA-2024-1215
OESA-2024-1216
OESA-2024-1217
OESA-2024-1218
OPENSUSE-SU-2024:13683-1
RHSA-2024:8800
RHSA-2024:8801
RHSA-2024:8802
RHSA-2024:9548
RHSA-2024_8800
RHSA-2024_9548
RLSA-2024:8800
RLSA-2024:9548
RLSA-2024_8800
RLSA-2024_9548

Affected Products

Almalinux
Debian
Apple Macos
Openexr
Red Hat
Rocky Linux