vulnerability

FreeBSD: VID-f161a5ad-c9bd-11ee-b7a7-353f1e043d9a (CVE-2023-5841): openexr -- Heap Overflow in Scanline Deep Data Parsing

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:C/A:N)	Feb 12, 2024	Feb 12, 2024	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:N)

Published

Feb 12, 2024

Added

Feb 12, 2024

Modified

Dec 10, 2025

Description

Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. [...] it is in a routine that is predominantly used for development and testing. It is not likely to appear in production code.

Solution

freebsd-upgrade-package-openexr

References

CVE-2023-5841
https://attackerkb.com/topics/CVE-2023-5841
CWE-122
CWE-787

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today