Heap-Based Buffer Overflow in OpenEXR Image Storage Format by Academy Software Foundation
CVE-2025-48071
8.4HIGH
What is CVE-2025-48071?
A heap-based buffer overflow vulnerability exists in OpenEXR, versions 3.3.2 through 3.3.0, which can occur during write operations when handling maliciously crafted ZIPS-packed deep scan-line EXR files. This vulnerability is triggered by a forged chunk header that can lead to potential data corruption or code execution. Users are advised to upgrade to version 3.3.3, where this issue has been addressed and resolved.
Affected Version(s)
openexr >= 3.3.0, < 3.3.3