CVE-2023-5841: OpenEXR Heap Overflow in Scanline Deep Data Parsing

Vendor: Academy Software Foundation
Product: OpenEXR
Weakness: CWE-122
Published: February 1, 2024
Last update: November 4, 2025

What the vulnerability does

01 Description

Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, the Academy Software Foundation OpenEXR image parsing library, version 3.2.1 and prior, is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

Key dates

02 Disclosure timeline

February 1, 2024: CVE published
November 4, 2025: Record updated