ID CVE-2023-5841
Summary Due to a failure to validate the number of scanline samples in an OpenEXR file containing deep scanline data, the Academy Software Foundation OpenEXR image parsing library, versions 3.2.1 and prior, is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved in versions v3.2.2 and v3.1.12 of the affected library.
References
Vulnerable Configurations
  • cpe:2.3:a:openexr:openexr:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.4.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.4.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.7:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:2.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.4:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.5:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.0.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.1:rc:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.2:rc:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.3:rc:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:openexr:openexr:3.2.0:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-787
Last major update 26-02-2024 - 16:27
Published 01-02-2024 - 19:15
Last modified 26-02-2024 - 16:27