Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. https://takeonme.org/cves/CVE-2023-5841.html
Created openexr2 tracking bugs for this issue:
Affects: fedora-all [bug 2262399]

Created usd tracking bugs for this issue:
Affects: fedora-all [bug 2262398]
Created mingw-openexr tracking bugs for this issue:
Affects: fedora-all [bug 2262407]

Created openexr tracking bugs for this issue:
Affects: fedora-all [bug 2262406]
Addressed in:
* OpenEXR v3.2.2: https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2
* OpenEXR v3.1.12: https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.12