Heap-based Buffer Overflow in OpenEXR 3.3.2 Affects Academy Software Foundation
CVE-2025-48072
Severity: 6.8 (MEDIUM)
What is CVE-2025-48072?
OpenEXR, an image storage format for the motion picture industry developed by the Academy Software Foundation, is susceptible to a heap-based buffer overflow in version 3.3.2. The flaw is triggered during read operations on DWAA-packed scan-line EXR files: improper pointer calculations while decompressing maliciously crafted chunks allow writes outside the intended heap buffer. Successful exploitation could result in memory corruption and unauthorized access to sensitive resources. Users are strongly advised to upgrade to version 3.3.3, which resolves this issue.
Affected Version(s)
openexr >= 3.3.2, < 3.3.3