libIex-3_1-30-32bit-3.1.11-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13683-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libIex-3_1-30-32bit-3.1.11-1.3 on GA media These are all security issues fixed in the libIex-3_1-30-32bit-3.1.11-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13683 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-5841/ SUSE CVE CVE-2023-5841 page openSUSE Tumbleweed libIex-3_1-30-32bit-3.1.11-1.3 libIex-3_2-31-3.2.2-1.1 libIlmThread-3_1-30-32bit-3.1.11-1.3 libIlmThread-3_2-31-3.2.2-1.1 libOpenEXR-3_1-30-32bit-3.1.11-1.3 libOpenEXR-3_2-31-3.2.2-1.1 libOpenEXRCore-3_1-30-32bit-3.1.11-1.3 libOpenEXRCore-3_2-31-3.2.2-1.1 libOpenEXRUtil-3_1-30-32bit-3.1.11-1.3 libOpenEXRUtil-3_2-31-3.2.2-1.1 openexr-3.2.2-1.1 openexr-devel-3.2.2-1.1 openexr-doc-3.2.2-1.1 libIex-3_1-30-32bit-3.1.11-1.3 as a component of openSUSE Tumbleweed libIex-3_2-31-3.2.2-1.1 as a component of openSUSE Tumbleweed libIlmThread-3_1-30-32bit-3.1.11-1.3 as a component of openSUSE Tumbleweed libIlmThread-3_2-31-3.2.2-1.1 as a component of openSUSE Tumbleweed libOpenEXR-3_1-30-32bit-3.1.11-1.3 as a component of openSUSE Tumbleweed libOpenEXR-3_2-31-3.2.2-1.1 as a component of openSUSE Tumbleweed libOpenEXRCore-3_1-30-32bit-3.1.11-1.3 as a component of openSUSE Tumbleweed libOpenEXRCore-3_2-31-3.2.2-1.1 as a component of openSUSE Tumbleweed libOpenEXRUtil-3_1-30-32bit-3.1.11-1.3 as a component of openSUSE Tumbleweed libOpenEXRUtil-3_2-31-3.2.2-1.1 as a component of openSUSE Tumbleweed openexr-3.2.2-1.1 as a component of openSUSE Tumbleweed openexr-devel-3.2.2-1.1 as a component of openSUSE Tumbleweed openexr-doc-3.2.2-1.1 as a component of openSUSE Tumbleweed Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. CVE-2023-5841 openSUSE Tumbleweed:libIex-3_1-30-32bit-3.1.11-1.3 openSUSE Tumbleweed:libIex-3_2-31-3.2.2-1.1 openSUSE Tumbleweed:libIlmThread-3_1-30-32bit-3.1.11-1.3 openSUSE Tumbleweed:libIlmThread-3_2-31-3.2.2-1.1 openSUSE Tumbleweed:libOpenEXR-3_1-30-32bit-3.1.11-1.3 openSUSE Tumbleweed:libOpenEXR-3_2-31-3.2.2-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_1-30-32bit-3.1.11-1.3 openSUSE Tumbleweed:libOpenEXRCore-3_2-31-3.2.2-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_1-30-32bit-3.1.11-1.3 openSUSE Tumbleweed:libOpenEXRUtil-3_2-31-3.2.2-1.1 openSUSE Tumbleweed:openexr-3.2.2-1.1 openSUSE Tumbleweed:openexr-devel-3.2.2-1.1 openSUSE Tumbleweed:openexr-doc-3.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5841.html CVE-2023-5841 https://bugzilla.suse.com/1219498 SUSE Bug 1219498