Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 15 May 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 13 Feb 2025 17:30:00 +0000

Type Values Removed Values Added
Description Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

Tue, 05 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
Redhat rhel E4s
Redhat rhel Eus
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat
Redhat enterprise Linux
Redhat rhel E4s
Redhat rhel Eus

cve-icon MITRE

Status: PUBLISHED

Assigner: AHA

Published:

Updated: 2025-05-15T15:18:17.317Z

Reserved: 2023-10-29T23:41:19.153Z

Link: CVE-2023-5841

cve-icon Vulnrichment

Updated: 2024-08-02T08:14:24.651Z

cve-icon NVD

Status : Modified

Published: 2024-02-01T19:15:08.097

Modified: 2025-05-15T16:15:31.313

Link: CVE-2023-5841

cve-icon Redhat

Severity : Important

Publid Date: 2024-02-01T00:00:00Z

Links: CVE-2023-5841 - Bugzilla

cve-icon OpenCVE Enrichment

No data.