PT-2025-46202 · Openexr · Openexr

Published: 2025-11-10 · Updated: 2026-04-06 · CVE-2025-64182

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenEXR versions 3.2.0 through 3.2.4
OpenEXR versions 3.3.0 through 3.3.5
OpenEXR versions 3.4.0 through 3.4.2

Description

OpenEXR is an image storage format used in the motion picture industry. A memory safety issue exists in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper). This issue can lead to crashes and potential code execution when processing attacker-controlled EXR files or crafted Python objects. Specifically, integer overflow and unchecked allocation within the InputFile.channel() and InputFile.channels() functions can cause a heap overflow (on 32-bit systems) or a NULL dereference (on 64-bit systems).

Recommendations

Update to OpenEXR version 3.2.5 or later.
Update to OpenEXR version 3.3.6 or later.
Update to OpenEXR version 3.4.3 or later.
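
The weakness class named in the description (a size computation that overflows, followed by an allocation whose result is not checked) is illustrated by the added example below. It is not OpenEXR code and not the project's fix. The function names, the width/height/bytes-per-sample size formula, and the sample dimensions are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size computation as a 32-bit size_t would perform it
   (simulated with uint32_t so the wrap is visible on any host). */
uint32_t unchecked_size32(uint32_t width, uint32_t height, uint32_t bytes_per_sample)
{
    uint32_t pixels = width * height;              /* may wrap modulo 2^32 */
    return (uint32_t)(pixels * bytes_per_sample);  /* may wrap again */
}

/* Checked form: returns 0 and stores the byte count in *out, or -1 when a
   dimension is zero or the product would exceed `limit` (the target's
   SIZE_MAX, or a lower policy cap chosen by the caller). */
int checked_size(uint64_t width, uint64_t height, uint64_t bytes_per_sample,
                 uint64_t limit, uint64_t *out)
{
    if (width == 0 || height == 0 || bytes_per_sample == 0) return -1;
    if (width > limit / height) return -1;         /* width * height > limit */
    uint64_t pixels = width * height;
    if (pixels > limit / bytes_per_sample) return -1;
    *out = pixels * bytes_per_sample;
    return 0;
}

/* Hardened allocation: validate the size first, then check malloc's result
   before the buffer is touched. Returns NULL on any failure. */
void *alloc_channel_buffer(uint64_t width, uint64_t height,
                           uint64_t bytes_per_sample, uint64_t limit)
{
    uint64_t n;
    if (checked_size(width, height, bytes_per_sample, limit, &n) != 0) return NULL;
    if (n > SIZE_MAX) return NULL;
    void *p = malloc((size_t)n);
    if (p == NULL) return NULL;                    /* the unchecked case dereferences here */
    memset(p, 0, (size_t)n);
    return p;
}

int main(void)
{
    /* Constructed dimensions: true size is 2^32 + 65536 bytes. */
    printf("32-bit wrapped size: %u\n", unchecked_size32(65537u, 16384u, 4u));
    printf("checked, 32-bit limit: %s\n",
           alloc_channel_buffer(65537, 16384, 4, UINT32_MAX) ? "allocated" : "rejected");
    return 0;
}
```

With a 32-bit size the request wraps to a small buffer that later writes overrun. With a 64-bit size the product is exact, but an allocation that large can fail and return NULL, so the result must be checked before use.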

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-64182
GHSA-VH63-9MQX-WMJR
OPENSUSE-SU-2025:15741-1

Affected Products

Openexr