CVE-2024-31047: 
Linux Debian vulnerability analysis and mitigation

An integer overflow vulnerability was discovered in Academy Software Foundation's OpenEXR version 3.2.3 and earlier versions. The vulnerability specifically affects the convert function within the exrmultipart.cpp file. This security issue was assigned CVE-2024-31047 and was publicly disclosed on April 8, 2024 (MITRE CVE, NVD).

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) issue. According to the technical analysis, the vulnerability manifests as a signed integer overflow in the convert function of exrmultipart.cpp, where the calculation '808464432 * 13569' cannot be represented in the int data type. The CVSS v3.1 base score is 3.3 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (NVD).

The exploitation of this vulnerability can lead to a Denial of Service (DoS) condition when triggered by a local attacker. The impact is limited to availability with no direct effect on confidentiality or integrity of the system (NVD).

The vulnerability affects OpenEXR versions 3.2.3 and earlier. Various Linux distributions including Debian and Ubuntu have acknowledged the vulnerability and are working on security updates. For Debian systems, it's noted that some versions like buster are not affected as the vulnerable component (exrmultipart) was not installed in the Debian package before version 2.5.0-1 (Debian Tracker).