CVE-2023-5841: 
NixOS vulnerability analysis and mitigation

CVE-2023-5841 affects the Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior. The vulnerability was discovered due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data. This heap-based buffer overflow vulnerability was resolved in versions v3.2.2 and v3.1.12 of the affected library (NVD).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) and out-of-bounds write (CWE-787). The CVSS v3.1 base score is 9.1 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating a critical severity level with network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability could allow an attacker to cause heap corruption through processing a maliciously crafted file, potentially leading to arbitrary code execution or system crashes. The CVSS score indicates high impacts on both confidentiality and integrity, though availability is not affected (NVD).

Users should upgrade to OpenEXR version 3.2.2 or 3.1.12, which contain the fix for this vulnerability. Various Linux distributions have also released security updates to address this issue, including Fedora 38 and 39 (Fedora Update).