CVE-2025-48072

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenEXR versions prior to 3.3.3

Description OpenEXR, an image storage format used in the motion picture industry, contains a flaw. A heap-based buffer overflow can occur during a read operation when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. The issue is due to bad pointer math.

Recommendations Update to version 3.3.3 or later.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2025-48072

GHSA-4R7W-Q3JG-FF43

OPENSUSE-SU-2025:15415-1

Affected Products

Debian

Openexr

CVE-2025-48072

Weakness Enumeration

Related Identifiers

Affected Products

References · 23