CVE-2023-5841
OpenEXR Heap Overflow in Scanline Deep Data Parsing
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
Debido a un fallo en la validación del número de muestras de líneas de escaneo de un archivo OpenEXR que contiene datos de líneas de escaneo profundas, la librería de análisis de imágenes Academy Software Foundation OpenEX versión 3.2.1 y anteriores es susceptible a una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria.
A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, allowing a read or write primitive based on the provided EXR file attributes. This flaw could be used to read or write memory to a compromised device through an attacker-placed EXR image.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-29 CVE Reserved
- 2024-02-01 CVE Published
- 2024-02-25 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Date | SRC |
|---|---|---|
| https://takeonme.org/cves/CVE-2023-5841.html | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-5841 | 2024-11-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262397 | 2024-11-13 |