Lucene search

[email protected]NVD:CVE-2023-5841

HistoryFeb 01, 2024 - 7:15 p.m.

CVE-2023-5841

2024-02-0119:15:08

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

openexr

file validation

vulnerability

resolved

versions

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

Affected configurations

Nvd

Node

openexropenexrRange≤3.2.1

VendorProductVersionCPE
openexropenexr*cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openexr	openexr	*	cpe:2.3:a:openexr:openexr::::::::

References

lists.fedoraproject.org/archives/list/[email protected]/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/

lists.fedoraproject.org/archives/list/[email protected]/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/

takeonme.org/cves/CVE-2023-5841.html

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON

Related for NVD:CVE-2023-5841

nessus7 debiancve1 ubuntucve1 cvelist1 openvas3 prion1 freebsd1 alpinelinux1 fedora2 redhatcve1 veracode1 osv1 cve1