cvelist AHA CVELIST:CVE-2023-5841
History: Feb 01, 2024 - 6:28 p.m.

CVE-2023-5841 OpenEXR Heap Overflow in Scanline Deep Data Parsing

2024-02-01 18:28:05
CWE-122
AHA
www.cve.org

AI Score: 9.5
Confidence: High
EPSS: 0.001
Percentile: 28.8%

Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenEXR",
    "vendor": "Academy Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "3.2.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "3.2.2"
      },
      {
        "status": "unaffected",
        "version": "3.1.12 "
      }
    ]
  }
]
