OpenEXR Deep Scanline Image Error in Version 3.3.2 by Academy Software Foundation
CVE-2025-48073

4.6MEDIUM

Key Information:

Vendor: Academysoftwarefoundation
Status: Openexr
Vendor: CVE Published:; 31 July 2025

🔔 Create Academysoftwarefoundation Vulnerability Alert

What is CVE-2025-48073?

In OpenEXR version 3.3.2, an issue occurs when handling deep scanline images with a high sample count in reduceMemory mode. This can lead to a NULL pointer dereference during write operations, potentially causing the application to crash. Users are advised to upgrade to version 3.3.3, which addresses this issue and enhances the overall stability of the software.

Affected Version(s)

openexr >= 3.3.2, < 3.3.3

References

https://github.com/AcademySoftwareFoundation/openexr/secu...

x_refsource_CONFIRM

https://github.com/ShielderSec/poc/tree/main/CVE-2025-48073

x_refsource_MISC

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2025
Vulnerability Reserved
May 15, 2025