CVE-2025-12495

Name of the Vulnerable Software and Affected Versions Academy Software Foundation OpenEXR (affected versions not specified)

Description A flaw exists in the parsing of EXR files, stemming from insufficient validation of user-supplied data length before copying it into a heap-based buffer. This can allow a remote attacker to execute arbitrary code on affected installations. User interaction is required, specifically the target must open a malicious file or visit a malicious page. The issue was identified as ZDI-CAN-27946.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.