CVE-2025-48074

Medium CVSS: 4.6

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.

Vendor

Openexr

Product

Openexr

CWE

CWE-770

Yayın Tarihi

2025-08-01 17:15:52

Güncelleme

2025-08-13 19:18:13

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-770 Openexr MEDIUM Openexr 2025

Referanslar

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf https://github.com/ShielderSec/poc/tree/main/CVE-2025-48074

Benzer Kayıtlar

High

CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the…

Medium

CVE-2026-26981

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the…

High

CVE-2025-12495

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Thi…

High

CVE-2025-12839

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Thi…

High

CVE-2025-12840

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Thi…

Medium

CVE-2025-64182

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the…