CVE-2023-5841

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/
https://takeonme.org/cves/CVE-2023-5841.html	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-02-01 19:15

Updated : 2024-02-26 16:27

NVD link : CVE-2023-5841

Mitre link : CVE-2023-5841

CVE.ORG link : CVE-2023-5841

JSON object : View

Products Affected

openexr

openexr

CWE

CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2023-5841", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-02-01T19:15:08.097", "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/", "source": "cve@takeonme.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/", "source": "cve@takeonme.org"}, {"url": "https://takeonme.org/cves/CVE-2023-5841.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@takeonme.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "cve@takeonme.org", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u00a0image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u00a0v3.2.2 and v3.1.12 of the affected library.\n"}, {"lang": "es", "value": "Debido a un fallo en la validaci\u00f3n del n\u00famero de muestras de l\u00edneas de escaneo de un archivo OpenEXR que contiene datos de l\u00edneas de escaneo profundas, la librer\u00eda de an\u00e1lisis de im\u00e1genes Academy Software Foundation OpenEX versi\u00f3n 3.2.1 y anteriores es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria."}], "lastModified": "2024-02-26T16:27:49.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95B42B05-2815-4CB0-99A1-B19F587AA13C", "versionEndIncluding": "3.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@takeonme.org"}