{"url":"http://public2.vulnerablecode.io/api/packages/68674?format=json","purl":"pkg:conan/openexr@3.2.1","type":"conan","namespace":"","name":"openexr","version":"3.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46930?format=json","vulnerability_id":"VCID-pgsj-9kuh-7ufj","summary":"Out-of-bounds Write\nDue to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5841.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5841.json"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063414","reference_id":"1063414","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063414"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262397","reference_id":"2262397","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262397"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5841","reference_id":"CVE-2023-5841","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5841"},{"reference_url":"https://takeonme.org/cves/CVE-2023-5841.html","reference_id":"CVE-2023-5841.HTML","reference_type":"","scores":[],"url":"https://takeonme.org/cves/CVE-2023-5841.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8800","reference_id":"RHSA-2024:8800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8801","reference_id":"RHSA-2024:8801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8802","reference_id":"RHSA-2024:8802","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9548","reference_id":"RHSA-2024:9548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9548"}],"fixed_packages":[],"aliases":["CVE-2023-5841"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgsj-9kuh-7ufj"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openexr@3.2.1"}