PT-2025-31585 · Openexr · Openexr

Ndaprela +3 · Published 2025-07-31 · Updated 2025-08-13 · CVE-2025-48071

CVSS v4.0: 8.4 High

Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.3.0 through 3.3.2
Description: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. A heap-based buffer overflow occurs during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header.
Recommendations: Update to version 3.3.3 or later.

Exploit

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-48071
GHSA-H45X-QHG2-Q375
OPENSUSE-SU-2025:15415-1
ZDI-25-834

Affected Products

Openexr