CVE-2023-5841

Name
CVE-2023-5841
Description
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@takeonme.org https://takeonme.org/cves/CVE-2023-5841.html
cve@takeonme.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/
cve@takeonme.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* openexr >= None <= 3.2.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openexr edge-community 3.1.12-r0 Mark Riedesel <mark+alpine@klowner.com> fixed
openexr 3.19-community 3.1.12-r0 Mark Riedesel <mark+alpine@klowner.com> fixed