OpenEXR Deep Scanline Image Error in Version 3.3.2 by Academy Software Foundation
CVE-2025-48073

4.6MEDIUM

Key Information:

Status
Vendor
CVE Published:
31 July 2025

What is CVE-2025-48073?

In OpenEXR version 3.3.2, an issue occurs when handling deep scanline images with a high sample count in reduceMemory mode. This can lead to a NULL pointer dereference during write operations, potentially causing the application to crash. Users are advised to upgrade to version 3.3.3, which addresses this issue and enhances the overall stability of the software.

Affected Version(s)

openexr >= 3.3.2, < 3.3.3

References

CVSS V4

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-48073 : OpenEXR Deep Scanline Image Error in Version 3.3.2 by Academy Software Foundation