{"id":"CVE-2023-50245","summary":"OpenEXR-viewer memory overflow vulnerability","details":"OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1.","aliases":["GHSA-99jg-r3f4-rpxj"],"modified":"2026-04-23T11:35:02.422434Z","published":"2023-12-11T22:39:19.059Z","database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"0.6.1"}]}],"cwe_ids":["CWE-120"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50245.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50245.json"},{"type":"ADVISORY","url":"https://github.com/afichet/openexr-viewer/security/advisories/GHSA-99jg-r3f4-rpxj"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50245"},{"type":"FIX","url":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/afichet/openexr-viewer","events":[{"introduced":"0"},{"fixed":"4f3b278ce4591e0cfbbee5f0fac5774b69a1df96"},{"fixed":"d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9"}],"database_specific":{"cpe":"cpe:2.3:a:afichet:openexr_viewer:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"0.6.1"}]}}],"versions":["v0.1-alpha","v0.2","v0.3","v0.4","v0.4.1","v0.5.0","v0.5.1","v0.5.2","v0.6.0"],"database_specific":{"vanir_signatures_modified":"2026-04-23T11:35:02Z","vanir_signatures":[{"signature_version":"v1","source":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9","digest":{"line_hashes":["64738272365013257870587451864691260119","209379071068605895320954654966436745652","190965765470867045717458934098327262206","245724813677827276308179013325298886206","103763104839661215409440302196854640485","331986793521108207453461111892510852768","35522504392718112805913270313891786541","179481925312398989845070494422180030271","51378858295810897020333438284414427650","67234307231393602673367487477864146859","33777662814165170292115154681537197656","191429128430397765964239053181557098196","4658679271062927480414214324616383041","323039524864112919279232334802514520261","257517805079624312651510099269885447474","168950035693235222254922707612061519209","110992797508811139995187783461010157479","170531296772236581694591897605724547289","39825984679791603140107288891082540633","243896851202228527564243827261425586780","175628485333322693572743784901395326849","328331697361138606467576572135026120700","121580999862674259922047280983123544841"],"threshold":0.9},"signature_type":"Line","deprecated":false,"id":"CVE-2023-50245-009e6e7d","target":{"file":"src/model/framebuffer/RGBFramebufferModel.cpp"}},{"signature_version":"v1","source":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9","digest":{"function_hash":"198367169848918038700952852602421579474","length":72},"signature_type":"Function","deprecated":false,"id":"CVE-2023-50245-0bc20388","target":{"function":"FramebufferModel::~FramebufferModel","file":"src/model/framebuffer/FramebufferModel.cpp"}},{"signature_version":"v1","source":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9","digest":{"line_hashes":["165954451598708457802889743436027356044","234102712166256091095603884544055693624","106861118323284048732338014066207576392","306338362389233304832156154624443880247","108903875901816483966073769722473872848","88324201223179489502172615357191248025","333030163113508240478631767429246253663","75343804725752006720228733916065535142","26777798768947979238356368596809891738"],"threshold":0.9},"signature_type":"Line","deprecated":false,"id":"CVE-2023-50245-1c85bec7","target":{"file":"src/model/framebuffer/FramebufferModel.h"}},{"signature_version":"v1","source":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9","digest":{"line_hashes":["24321992954206166000865049181898351438","290938586215842366594935342717732546556","97791127879715545590629473174358619875","49247160108673678227221188244076273130","308945970272795925838400466441018701879","277162348357828376683029857756383442839","92221360587191281335437113066812965100","198367169848918038700952852602421579474"],"threshold":0.9},"signature_type":"Line","deprecated":false,"id":"CVE-2023-50245-2822bae9","target":{"file":"src/model/framebuffer/FramebufferModel.cpp"}},{"signature_version":"v1","source":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9","digest":{"function_hash":"14016499946652998893610327212048009468","length":2146},"signature_type":"Function","deprecated":false,"id":"CVE-2023-50245-38f59b55","target":{"function":"YFramebufferModel::load","file":"src/model/framebuffer/YFramebufferModel.cpp"}},{"signature_version":"v1","source":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9","digest":{"line_hashes":["253978320313686747332044054022460062035","204325246711775982650332522129651195583","292329731033034065441535181928782934875","97816024149439275640731718518645352443","66261361642063192211769717242591994812","196382362159703331648018088767253526073","321664416389515312963861610304204862418","315251833254933677321397518830277509937","270007079000952670458110238186694124859","52446192567868439057789901682246153938","97816024149439275640731718518645352443","311650267167844159594853449772345815234","98306957938388639264536284993645500156","26188338807358354902196727085960155851"],"threshold":0.9},"signature_type":"Line","deprecated":false,"id":"CVE-2023-50245-61594635","target":{"file":"src/model/framebuffer/YFramebufferModel.cpp"}},{"signature_version":"v1","source":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9","digest":{"function_hash":"8525604416149332472621664147304560568","length":6627},"signature_type":"Function","deprecated":false,"id":"CVE-2023-50245-848b5821","target":{"function":"RGBFramebufferModel::load","file":"src/model/framebuffer/RGBFramebufferModel.cpp"}},{"signature_version":"v1","source":"https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9","digest":{"function_hash":"134051509093911443417399416522476359212","length":349},"signature_type":"Function","deprecated":false,"id":"CVE-2023-50245-90c247cb","target":{"function":"FramebufferModel::FramebufferModel","file":"src/model/framebuffer/FramebufferModel.cpp"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50245.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}