Vulnerabilities > CVE-2023-5841 - Out-of-bounds Write vulnerability in Openexr
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://lists.fedoraproject.org/archives/list/[email protected]/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/
- https://takeonme.org/cves/CVE-2023-5841.html
- https://takeonme.org/cves/CVE-2023-5841.html