What is the severity of CVE-2023-5841?

CVE-2023-5841 has been classified as a medium severity vulnerability due to the risk of a heap-based buffer overflow.

How do I fix CVE-2023-5841?

To mitigate CVE-2023-5841, upgrade OpenEXR to version 3.2.2 or later.

Which versions of OpenEXR are affected by CVE-2023-5841?

CVE-2023-5841 affects OpenEXR versions up to and including 3.2.1.

What type of vulnerability is CVE-2023-5841?

CVE-2023-5841 is a heap-based buffer overflow vulnerability.

What could be the potential impact of CVE-2023-5841?

Exploitation of CVE-2023-5841 could lead to arbitrary code execution and destabilization of the affected application.

Vulnerability/
CVE-2023-5841

critical

9.1

CWE

122 119 787 20 190 362

1/2/2024

3/3/2025

CVE-2023-5841: OpenEXR Heap Overflow in Scanline Deep Data Parsing

First published: Thu Feb 01 2024(Updated: )

Accessibility. This issue was addressed by restricting options offered on a locked device.

Credit: cve@takeonme.org Kirin @Pwnrin Rodolphe Brunetti @eisw0lf CVE-2023-4504 Csaba Fitzl @theevilbit Kandjian anonymous researcher @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Yiğit Can YILMAZ @yilmazcanyigit Mickey Jin @patch1t Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeAntonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef Jeff Johnson (underpassapp.com) OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Kirin @Pwnrin Fudan UniversityLFY @secsys Fudan UniversityOlivier Levon CVE-2023-5841 Meng Zhang (鲸落) NorthSeaajajfxhj Brian McNulty Computer ScienceCristian Dinca Computer ScienceRomania Vaibhav Prajapati CVE-2024-39894 Wojciech Regula SecuRingRifa'i Rejal Maynando Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Zhongquan Li @Guluisacat Yiğit Can YILMAZ @yilmazcanyigit SecuRingKirin @Pwnrin NorthSea냥냥 Halle Winkler Politepix @hallewinkler Vivek Dhar working as Assistant Sub-Inspector (RM) in Border Security Force (Frontier Headquarter BSF Kashmir) Pedro José Pereira Vieito @pvieito luckyu @uuulucky NorthSeaOm Kothawade the UNTHSC College of PharmacyOmar A. Alanis the UNTHSC College of PharmacyBistrit Dahal Matej Moravec @MacejkoMoravec K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Arsenii Kostromin (0x3c3e) Ron Masas BreakPointJonathan Bar Or @yo_yo_yo_jbo MicrosoftBohdan Stasiuk @Bohdan_Stasiuk CVE-2024-41957 Narendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtTashita Software Security Ron Masas Hafiizh HakTrakYoKo Kho @yokoacc HakTrakTim Michaud @TimGMichaud MoveworksAntonio Zekic @antoniozekic ant4g0nist Charly Suchanek CVE-2024-44134 Preet Dsouza (Fleming College Computer Security & Investigations Program) Domien Schepers Tim Clem Gergely Kalman @gergely_kalman Koh M. Nakagawa @tsunek0h Snoolie Keffaber @0xilis Max Thomas Holger Fuhrmannek Pedro Tôrres @t0rr3sp3dr0 CVE-2024-44130 Pwn2car Trend Micro Zero Day InitiativeClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosAnton Boegler CVE-2024-44129 Joshua Keller Lukas Kenneth Chew Anamika Adhikari Om Kothawade Zaprico DigitalChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Justin Cohen Daniele Antonioli Tuan D. Hoang Chloe Surett Jake Derouin (jakederouin.com) Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal India

Affected Software	Affected Version	How to fix
redhat/OpenEXR	<3.2.1	3.2.1
OpenEXR	<=3.2.1
visionOS	<2	2
tvOS	<18	18
macOS	<15	15
Apple iOS and iPadOS	<18	18
Apple iOS, iPadOS, and macOS	<18	18

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-44129
CVE-2024-44153
CVE-2024-44188
CVE-2024-40792
CVE-2024-40825
CVE-2024-44130
CVE-2024-44182
CVE-2024-44154
CVE-2024-40845
CVE-2024-40846
CVE-2024-44164
CVE-2024-40837
CVE-2024-40847
CVE-2024-40848
CVE-2024-44168
CVE-2024-27860
CVE-2024-27861
CVE-2024-40841
CVE-2024-27795
CVE-2024-44135
CVE-2024-44132
CVE-2024-44126
CVE-2024-44128
CVE-2024-44151
CVE-2024-27876
CVE-2024-44172
CVE-2024-27869
CVE-2024-27875
CVE-2024-44146
CVE-2024-27849
CVE-2023-4504
CVE-2024-40855
CVE-2024-44148
CVE-2024-44177
CVE-2024-54469
CVE-2024-44131
CVE-2024-40850
CVE-2024-54463
CVE-2024-40831
CVE-2024-27880
CVE-2024-44176
CVE-2024-40861
CVE-2024-44160
CVE-2024-44161
CVE-2024-44169
CVE-2024-44165
CVE-2024-44175
CVE-2024-44191
CVE-2024-54560
CVE-2024-44122
CVE-2024-44198
CVE-2024-40791
CVE-2024-54473
CVE-2024-44181
CVE-2024-44183
CVE-2023-5841
CVE-2024-27858
CVE-2024-44167
CVE-2024-40838
CVE-2024-44186
CVE-2024-39894
CVE-2024-44178
CVE-2024-40826
CVE-2024-44149
CVE-2024-40797
CVE-2024-44155
CVE-2024-44125
CVE-2024-44163
CVE-2024-44203
CVE-2024-44144
CVE-2024-44137
CVE-2024-44174
CVE-2024-44123
CVE-2024-40801
CVE-2024-44158
CVE-2024-40844
CVE-2024-44145
CVE-2024-44179
CVE-2024-44170
CVE-2024-40860
CVE-2024-44152
CVE-2024-44166
CVE-2024-44190
CVE-2024-54558
CVE-2024-44133
CVE-2024-44184
CVE-2024-40859
CVE-2024-41957
CVE-2024-54467
CVE-2024-44192
CVE-2024-40857
CVE-2024-40866
CVE-2024-44187
CVE-2024-44227
CVE-2024-54546
CVE-2024-40770
CVE-2024-23237
CVE-2024-44134
CVE-2024-40856
CVE-2024-44189
CVE-2024-44208
CVE-2024-40842
CVE-2024-40843
CVE-2024-40790
CVE-2024-40840
CVE-2024-40830
CVE-2024-44171
CVE-2024-40852
CVE-2024-27874
CVE-2024-44124
CVE-2024-44147
CVE-2024-44217
CVE-2024-44202
CVE-2024-44127
CVE-2024-40863
CVE-2024-40853
CVE-2024-44139
CVE-2024-44180
CVE-2024-27879

Frequently Asked Questions

What is the severity of CVE-2023-5841?
CVE-2023-5841 has been classified as a medium severity vulnerability due to the risk of a heap-based buffer overflow.
How do I fix CVE-2023-5841?
To mitigate CVE-2023-5841, upgrade OpenEXR to version 3.2.2 or later.
Which versions of OpenEXR are affected by CVE-2023-5841?
CVE-2023-5841 affects OpenEXR versions up to and including 3.2.1.
What type of vulnerability is CVE-2023-5841?
CVE-2023-5841 is a heap-based buffer overflow vulnerability.
What could be the potential impact of CVE-2023-5841?
Exploitation of CVE-2023-5841 could lead to arbitrary code execution and destabilization of the affected application.

agent/title
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-5841
agent/software-canonical-lookup
agent/trending
agent/weakness
agent/author
agent/source
agent/references
agent/last-modified-date
agent/description
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/apple-support
source/Apple
alias/CVE-2023-4504
alias/CVE-2024-40855
alias/CVE-2024-44148
alias/CVE-2024-44177
alias/CVE-2024-54469
alias/CVE-2024-44131
alias/CVE-2024-40850
alias/CVE-2024-54463
alias/CVE-2024-40831
alias/CVE-2024-27880
alias/CVE-2024-44176
alias/CVE-2024-40861
alias/CVE-2024-44160
alias/CVE-2024-44161
alias/CVE-2024-44169
alias/CVE-2024-44165
alias/CVE-2024-44175
alias/CVE-2024-44191
alias/CVE-2024-54560
alias/CVE-2024-44122
alias/CVE-2024-44198
alias/CVE-2024-40791
alias/CVE-2024-54473
alias/CVE-2024-44181
alias/CVE-2024-44183
alias/CVE-2024-27858
alias/CVE-2024-44167
alias/CVE-2024-40838
alias/CVE-2024-44186
alias/CVE-2024-39894
alias/CVE-2024-44178
alias/CVE-2024-40826
alias/CVE-2024-44149
alias/CVE-2024-40797
alias/CVE-2024-44155
alias/CVE-2024-44125
alias/CVE-2024-44163
alias/CVE-2024-44203
alias/CVE-2024-44144
alias/CVE-2024-44137
alias/CVE-2024-44174
alias/CVE-2024-44123
alias/CVE-2024-40801
alias/CVE-2024-40837
alias/CVE-2024-44158
alias/CVE-2024-40844
alias/CVE-2024-44145
alias/CVE-2024-44179
alias/CVE-2024-44170
alias/CVE-2024-40860
alias/CVE-2024-44152
alias/CVE-2024-44166
alias/CVE-2024-44190
alias/CVE-2024-54558
alias/CVE-2024-44133
alias/CVE-2024-44184
alias/CVE-2024-40859
alias/CVE-2024-41957
alias/CVE-2024-54467
alias/CVE-2024-44192
alias/CVE-2024-40857
alias/CVE-2024-40866
alias/CVE-2024-44187
alias/CVE-2024-44227
alias/CVE-2024-54546
alias/CVE-2024-40770
alias/CVE-2024-23237
alias/CVE-2024-44134
alias/CVE-2024-40856
alias/CVE-2024-44189
alias/CVE-2024-44208
alias/CVE-2024-40842
alias/CVE-2024-40843
alias/CVE-2024-40790
alias/CVE-2024-27875
alias/CVE-2024-44146
alias/CVE-2024-27849
alias/CVE-2024-27869
alias/CVE-2024-40825
alias/CVE-2024-27876
alias/CVE-2024-40792
alias/CVE-2024-44130
alias/CVE-2024-44182
alias/CVE-2024-44154
alias/CVE-2024-40845
alias/CVE-2024-40846
alias/CVE-2024-44164
alias/CVE-2024-40847
alias/CVE-2024-40848
alias/CVE-2024-44168
alias/CVE-2024-27860
alias/CVE-2024-27861
alias/CVE-2024-40841
alias/CVE-2024-27795
alias/CVE-2024-44135
alias/CVE-2024-44132
alias/CVE-2024-44126
alias/CVE-2024-44128
alias/CVE-2024-44151
alias/CVE-2024-44172
alias/CVE-2024-44188
alias/CVE-2024-44153
alias/CVE-2024-44147
alias/CVE-2024-44217
alias/CVE-2024-44202
alias/CVE-2024-44127
alias/CVE-2024-40863
alias/CVE-2024-40853
alias/CVE-2024-44139
alias/CVE-2024-44180
alias/CVE-2024-27879
alias/CVE-2024-44124
alias/CVE-2024-44171
alias/CVE-2024-40852
alias/CVE-2024-27874
alias/CVE-2024-40830
package-manager/redhat
vendor/openexr
canonical/openexr
version/openexr/3.2.1
vendor/apple
canonical/visionos
canonical/tvos
canonical/macos
canonical/apple ios and ipados
canonical/apple ios, ipados, and macos