PT-2025-46201 · Openexr+2

Published: 2025-10-30 · Updated: 2026-05-11 · CVE-2025-64181

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

OpenEXR versions 3.3.0 through 3.3.5
OpenEXR versions 3.4.0 through 3.4.2

Description

OpenEXR is an image storage format used in the motion picture industry. A flaw exists due to a conditional branch based on uninitialized data within the generic unpack function. This can lead to undefined behavior, potentially causing a crash or denial of service. The issue was discovered while fuzzing with the OpenEXR exrcheck fuzzer.

Recommendations

Update to OpenEXR version 3.3.6 or later.
Update to OpenEXR version 3.4.3 or later.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2026-03140
CVE-2025-64181
GHSA-3H9H-QFVW-98HQ
OESA-2025-2740
OPENSUSE-SU-2025:15741-1
OPENSUSE-SU-2025:20056-1
SUSE-SU-2025:21014-1
SUSE-SU-2025_21014-1

Affected Products

Debian
Openexr
Suse