CVE-2023-5841 - OpenCVE

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openexr	Openexr

Configuration 1 [-]

cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/
https://nvd.nist.gov/vuln/detail/CVE-2023-5841
https://takeonme.org/cves/CVE-2023-5841.html
https://takeonme.org/cves/CVE-2023-5841.html#
https://www.cve.org/CVERecord?id=CVE-2023-5841

History

No history.

MITRE

Status: PUBLISHED

Assigner: AHA

Published: 2024-02-01T18:28:05.892Z

Updated: 2024-08-02T08:14:24.651Z

Reserved: 2023-10-29T23:41:19.153Z

Link: CVE-2023-5841

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-02-01T19:15:08.097

Modified: 2024-02-26T16:27:49.420

Link: CVE-2023-5841

Redhat

Severity : Important

Publid Date: 2024-02-01T00:00:00Z

Links: CVE-2023-5841 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5841", "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "state": "PUBLISHED", "assignerShortName": "AHA", "dateReserved": "2023-10-29T23:41:19.153Z", "datePublished": "2024-02-01T18:28:05.892Z", "dateUpdated": "2024-08-02T08:14:24.651Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenEXR", "vendor": "Academy Software Foundation", "versions": [{"lessThanOrEqual": "3.2.1", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "3.2.2"}, {"status": "unaffected", "version": "3.1.12 "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "zenofex"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "WanderingGlitch"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!"}], "datePublic": "2024-01-31T22:35:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions <span style=\"background-color: rgb(255, 255, 255);\">v3.2.2 and v3.1.12 of the affected library.</span><br>"}], "value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u00a0image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u00a0v3.2.2 and v3.1.12 of the affected library.\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA", "dateUpdated": "2024-02-21T23:36:15.206Z"}, "references": [{"url": "https://takeonme.org/cves/CVE-2023-5841.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/"}], "source": {"discovery": "EXTERNAL"}, "title": "OpenEXR Heap Overflow in Scanline Deep Data Parsing", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.651Z"}, "title": "CVE Program Container", "references": [{"url": "https://takeonme.org/cves/CVE-2023-5841.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "matchCriteriaId": "95B42B05-2815-4CB0-99A1-B19F587AA13C", "versionEndIncluding": "3.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u00a0image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u00a0v3.2.2 and v3.1.12 of the affected library.\n"}, {"lang": "es", "value": "Debido a un fallo en la validaci\u00f3n del n\u00famero de muestras de l\u00edneas de escaneo de un archivo OpenEXR que contiene datos de l\u00edneas de escaneo profundas, la librer\u00eda de an\u00e1lisis de im\u00e1genes Academy Software Foundation OpenEX versi\u00f3n 3.2.1 y anteriores es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria."}], "id": "CVE-2023-5841", "lastModified": "2024-02-26T16:27:49.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-01T19:15:08.097", "references": [{"source": "cve@takeonme.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/"}, {"source": "cve@takeonme.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/"}, {"source": "cve@takeonme.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://takeonme.org/cves/CVE-2023-5841.html"}], "sourceIdentifier": "cve@takeonme.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "cve@takeonme.org", "type": "Secondary"}]}

{"bugzilla": {"description": "OpenEXR: Heap Overflow in Scanline Deep Data Parsing", "id": "2262397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262397"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-122", "details": ["Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u00a0image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u00a0v3.2.2 and v3.1.12 of the affected library.", "A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, allowing a read or write primitive based on the provided EXR file attributes. This flaw could be used to read or write memory to a compromised device through an attacker-placed EXR image."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-5841", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gimp:flatpak/OpenEXR", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5841\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5841\nhttps://takeonme.org/cves/CVE-2023-5841.html#"], "statement": "The heap-based buffer overflow vulnerability identified in the Academy Software Foundation's OpenEXR image parsing library represents an important security concern due to its potential for severe consequences and wide-reaching impact. By exploiting this vulnerability, attackers can execute arbitrary code or perform unauthorized read/write operations on affected systems. This ability to manipulate system memory poses a significant risk to data integrity, confidentiality, and system stability. Moreover, the vulnerability's presence in a widely-used image parsing library amplifies its severity. The ability to execute such attacks without user interaction, known as a 0-click attack surface, further amplifies the risk.", "threat_severity": "Important", "upstream_fix": "OpenEXR 3.2.1"}