Heap-Based Buffer Overflow in OpenEXR Image Storage Format by Academy Software Foundation
CVE-2025-48071

8.4HIGH

Key Information:

Vendor

Academysoftwarefoundation

Status
Openexr
Vendor
CVE Published:
31 July 2025

What is CVE-2025-48071?

A heap-based buffer overflow vulnerability exists in OpenEXR, versions 3.3.2 through 3.3.0, which can occur during write operations when handling maliciously crafted ZIPS-packed deep scan-line EXR files. This vulnerability is triggered by a forged chunk header that can lead to potential data corruption or code execution. Users are advised to upgrade to version 3.3.3, where this issue has been addressed and resolved.

Affected Version(s)

openexr >= 3.3.0, < 3.3.3

References

https://github.com/AcademySoftwareFoundation/openexr/secu...
x_refsource_CONFIRM
https://github.com/AcademySoftwareFoundation/openexr/comm...
x_refsource_MISC
https://github.com/AcademySoftwareFoundation/openexr/rele...
x_refsource_MISC

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.