PT-2025-40878 · Openexr+4

Published: 2025-08-05 · Updated: 2026-01-27 · CVE-2025-59732

CVSS v4.0: 8.7 (High)

Vector: AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions

OpenEXR versions prior to 8.0

Description

An issue exists in decoding OpenEXR files that utilize DWAA or DWAB compression. The software implicitly assumes image height and width are divisible by 8. When this condition is not met, copy loops can write beyond allocated buffer boundaries, potentially leading to heap memory corruption. The td->uncompressed data buffer, allocated during the decode block process, is susceptible to being exceeded by the copy loop when the image dimensions are not multiples of 8. This can result in corruption of adjacent heap memory.

Recommendations

Upgrade to version 8.0 or later.
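The overrun described above can be modelled with a small C sketch. It is an added illustration, not code from the affected project: the row-major `uint16_t` output buffer, the block-raster input layout and all function names are assumptions. It computes how far a whole-block copy reaches in a width*height buffer and shows a copy that clamps the last block row and column to the real image size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BLK 8 /* block edge; w and h are assumed >= 1 and pre-validated */

/* One past the highest sample index touched by a loop that always
 * stores whole 8x8 blocks into a row-major w*h buffer. */
size_t unclamped_extent(size_t w, size_t h) {
    size_t pw = (w + BLK - 1) / BLK * BLK; /* width rounded up to 8  */
    size_t ph = (h + BLK - 1) / BLK * BLK; /* height rounded up to 8 */
    return (ph - 1) * w + pw;
}

/* Copy decoded 8x8 blocks (block-raster order) into dst, clamping the
 * last block column and row to the image size. Returns samples written. */
size_t copy_blocks_clamped(uint16_t *dst, size_t w, size_t h,
                           const uint16_t *blocks) {
    size_t bw = (w + BLK - 1) / BLK, bh = (h + BLK - 1) / BLK, n = 0;
    for (size_t by = 0; by < bh; by++)
        for (size_t bx = 0; bx < bw; bx++) {
            const uint16_t *src = blocks + (by * bw + bx) * BLK * BLK;
            size_t cols = w - bx * BLK < BLK ? w - bx * BLK : BLK;
            size_t rows = h - by * BLK < BLK ? h - by * BLK : BLK;
            for (size_t y = 0; y < rows; y++) {
                memcpy(dst + (by * BLK + y) * w + bx * BLK,
                       src + y * BLK, cols * sizeof *dst);
                n += cols;
            }
        }
    return n;
}

/* Constructed check: fill a w*h buffer that is followed by a guard
 * region; return 1 if the guard is intact and w*h samples were written. */
int clamped_copy_stays_in_bounds(size_t w, size_t h) {
    size_t bw = (w + BLK - 1) / BLK, bh = (h + BLK - 1) / BLK;
    size_t guard = 64;
    uint16_t *blocks = calloc(bw * bh * BLK * BLK, sizeof *blocks);
    uint16_t *buf = malloc((w * h + guard) * sizeof *buf);
    if (!blocks || !buf) { free(blocks); free(buf); return -1; }
    memset(buf, 0xAA, (w * h + guard) * sizeof *buf);
    size_t n = copy_blocks_clamped(buf, w, h, blocks);
    int ok = (n == w * h);
    for (size_t i = 0; i < guard; i++) ok &= (buf[w * h + i] == 0xAAAA);
    free(blocks); free(buf);
    return ok;
}
```

For a 10x10 image the whole-block extent is 166 samples against 100 allocated, which is the gap the clamped loop closes.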

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-12720
CVE-2025-59732
DSA-5985-1
DSA-6007-1
MGASA-2025-0306
USN-7982-1

Affected Products

Debian
Linuxmint
Openexr
Red Os
Ubuntu