CVE-2023-5841

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Feb 1, 2024

Updated: Feb 26, 2024

CWE ID 122

CWE ID 787

Summary

CVE-2023-5841 is a heap-based buffer overflow vulnerability affecting Academy Software Foundation OpenEXR image parsing library versions 3.2.1 and prior. The issue arises due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data. This flaw can lead to an overflow condition, potentially allowing attackers to execute arbitrary code or cause a denial of service. Users are advised to upgrade to library versions 3.2.2 and 3.1.12 to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenEXR

Affected Vendors

Openexr

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sh-d_I
https://www.cve.org/CVERecord?id=CVE-2023-5841
https://nvd.nist.gov/vuln/detail/CVE-2023-5841

Back to Vulnerability Database