CVE-2023-5841

Summary

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

Affected Software

VendorProductVersion RangeStatus
Academy Software FoundationOpenEXR0 <= 3.2.1affected
Academy Software FoundationOpenEXR3.2.2unaffected
Academy Software FoundationOpenEXR3.1.12unaffected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References