PT-2025-31589 · Openexr+1

Ndaprela +3 · Published 2025-07-31 · Updated 2026-06-01 · CVE-2025-48074

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.3.3

Description: OpenEXR is an image storage format used in the motion picture industry. Versions prior to 3.3.3 trust unvalidated dataWindow size values from file headers, potentially leading to excessive memory allocation and performance degradation when processing malicious files.

Recommendations: Update to version 3.3.3 or later.

Exploit

Fix

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2025-48074
ECHO-F43E-2C25-B994
GHSA-X22W-82JP-8RVF
OPENSUSE-SU-2025:15415-1

Affected Products

Debian
Openexr