CVE-2024-31047 — Integer Overflow or Wraparound in Openexr

CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 96.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openexr Debian Openexr

Timeline

PublishedApr 8

Latest updateApr 9

Description

An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/openexr< openexr 3.1.13-1 (forky)

▶NVDopenexr/openexr< 3.2.4

▶Debianopenexr/openexr< 3.1.13-1+1

🔴Vulnerability Details

GHSA

GHSA-prq6-rh2c-gq39: An issue in Academy Software Foundation openexr v↗2024-04-09

▶

OSV

CVE-2024-31047: An issue in Academy Software Foundation openexr v↗2024-04-08

▶

📋Vendor Advisories

Debian

CVE-2024-31047: openexr - An issue in Academy Software Foundation openexr v.3.2.3 and before allows a loca...↗2024

▶