9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-50245

GHSA ID

GHSA-99jg-r3f4-rpxj

EPSS Score

0.84887%

CWE

CWE-120

Published

12/12/2023

Updated

12/12/2023

KEV Status

Technology

GitHub Actions

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-50245

CVE-2023-50245: memory overflow vulnerability in OpenEXR-viewer

Just open this exr file through openexr-viewer.

( poc send by email )

This is windbg log file.

[ POC 2 ] (8660.7e44): Access violation - code c0000005 (!!! second chance !!!) openexr_viewer+0x27be4: 00007ff713ff7be4 c744880c0000803f mov dword ptr [rax+rcx*4+0Ch],3F800000h ds:0000020a3ac8000c=????????

Attempt to write the value 1.0 to the memory address 0x20A3AC8000C

[ POC 1 ] (1404.9264): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. openexr_viewer+0x27be4: 00007ff713ff7be4 c744880c0000803f mov dword ptr [rax+rcx*4+0Ch],3F800000h ds:0000029cb371600c=????????

Attempt to write the value 1.0 to the memory address 0x29CB371600C

Credits Team : ZeroPointer 이동하 ( Lee Dong Ha of ZeroPointer Lab ) 정지민 ( Jeong Jimin of ZeroPointer Lab ) 박우진 ( Park Woojin of ZeroPointer Lab ) 전우진 ( Jeon Woojin of ZeroPointer Lab )

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-50245

CVE-2023-50245:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-50245

GHSA ID

GHSA-99jg-r3f4-rpxj

EPSS Score

0.84887%

CWE

CWE-120

Published

12/12/2023

Updated

12/12/2023

KEV Status

Technology

GitHub Actions

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
afichet/openexr-viewer	actions	< 0.6.1	0.6.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The crash occurs during pixel buffer writes (mov dword ptr [rax+rcx4+0Ch]) which matches the pattern of buffer overflow. The patch added overflow checks for widthheight multiplications and replaced raw allocations with std::vector. The vulnerable versions used unchecked 'new float[m_width*m_height]' allocations in both RGB and Y framebuffer load functions, making them susceptible to integer overflow-triggered buffer underallocations. The Windbg logs showing writes to invalid addresses align with this pattern of memory corruption.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-50245: memory overflow vulnerability in OpenEXR-viewer

CVE-2023-50245:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

9.8

9.8

Technical Details

CVE-2023-50245: memory overflow vulnerability in OpenEXR-viewer

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI