Buffer Overflow Vulnerability in FFmpeg's OpenEXR Decoder
CVE-2025-59732

8.7 HIGH

Key Information:

Vendor: FFmpeg

Status: Vendor

CVE Published: 6 October 2025

What is CVE-2025-59732?

A vulnerability exists in the OpenEXR decoder shipped with FFmpeg when it processes images that use DWAA or DWAB compression. The decoder assumes that the image width and height are divisible by 8, which follows from the 8x8 block layout used by DWA compression but is not guaranteed by the file. When an image does not meet that condition, the block copy loops keep writing past the end of the allocated output buffer, corrupting heap memory. Because width and height are read from the file header, a crafted OpenEXR file is enough to reach this condition; a decoder must validate or clamp image dimensions before it copies decoded blocks. Upgrading to FFmpeg 8.0 or later is recommended to mitigate this risk.
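The following C program is an added illustration of the bug class described above; it is not FFmpeg's libavcodec code and the function names (count_oob_writes_unchecked, copy_blocks_clamped, demo_clamped_copy) and the block-major sample layout are assumptions made for the example. The first function models the faulty pattern by walking every whole 8x8 block and counting how many stores would land past a w*h allocation, without performing them. The second is the hardened form, which skips samples that fall outside the image so the last block row and column are clamped, and the self-check decodes a constructed block source into a buffer followed by a guard region to confirm nothing is written past the allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK 8   /* DWAA/DWAB operate on 8x8 sample blocks */
#define GUARD 64  /* constructed canary region placed after the image buffer */

/* Number of 8-sample blocks needed to cover n samples (rounds up). */
static int blocks_for(int n) { return (n + BLOCK - 1) / BLOCK; }

/*
 * Model of the faulty pattern: the loop visits every whole block and indexes
 * the output with the image stride w, so when w or h is not a multiple of 8
 * the trailing block rows and columns address memory past the w*h allocation.
 * Nothing is stored here; the offending indices are only counted, so this
 * demonstration has no undefined behaviour of its own.
 */
size_t count_oob_writes_unchecked(int w, int h) {
    size_t alloc = (size_t)w * h, oob = 0;
    int nbx = blocks_for(w), nby = blocks_for(h);
    for (int by = 0; by < nby; by++)
        for (int bx = 0; bx < nbx; bx++)
            for (int y = 0; y < BLOCK; y++)
                for (int x = 0; x < BLOCK; x++) {
                    size_t idx = (size_t)(by * BLOCK + y) * w + bx * BLOCK + x;
                    if (idx >= alloc)
                        oob++;
                }
    return oob;
}

/*
 * Hardened copy (assumed layout): blocks holds nbx*nby blocks of 64 samples in
 * block-major order. Samples whose global coordinate lies outside w x h are
 * skipped, so no store can reach past dst[w*h - 1]. Returns samples written.
 */
size_t copy_blocks_clamped(uint8_t *dst, int w, int h, const uint8_t *blocks) {
    size_t written = 0;
    int nbx = blocks_for(w), nby = blocks_for(h);
    for (int by = 0; by < nby; by++)
        for (int bx = 0; bx < nbx; bx++) {
            const uint8_t *blk = blocks + ((size_t)by * nbx + bx) * BLOCK * BLOCK;
            for (int y = 0; y < BLOCK; y++) {
                int gy = by * BLOCK + y;
                if (gy >= h) break;          /* clamp the last block row */
                for (int x = 0; x < BLOCK; x++) {
                    int gx = bx * BLOCK + x;
                    if (gx >= w) break;      /* clamp the last block column */
                    dst[(size_t)gy * w + gx] = blk[y * BLOCK + x];
                    written++;
                }
            }
        }
    return written;
}

/*
 * Self-check with constructed input: every source sample encodes its own
 * (gx, gy) coordinate; the image buffer is followed by a guard region filled
 * with 0xAA. Returns 1 only if every pixel landed at the right place, exactly
 * w*h samples were written and the guard region is untouched.
 */
int demo_clamped_copy(int w, int h) {
    int nbx = blocks_for(w), nby = blocks_for(h);
    size_t nblk = (size_t)nbx * nby, alloc = (size_t)w * h;
    uint8_t *blocks = malloc(nblk * BLOCK * BLOCK);
    uint8_t *dst = malloc(alloc + GUARD);
    int ok = blocks && dst;
    if (ok) {
        for (int by = 0; by < nby; by++)
            for (int bx = 0; bx < nbx; bx++)
                for (int y = 0; y < BLOCK; y++)
                    for (int x = 0; x < BLOCK; x++)
                        blocks[((size_t)by * nbx + bx) * BLOCK * BLOCK + y * BLOCK + x] =
                            (uint8_t)((by * BLOCK + y) * 16 + (bx * BLOCK + x));
        memset(dst, 0xAA, alloc + GUARD);
        ok = copy_blocks_clamped(dst, w, h, blocks) == alloc;
        for (int y = 0; ok && y < h; y++)
            for (int x = 0; ok && x < w; x++)
                ok = dst[(size_t)y * w + x] == (uint8_t)(y * 16 + x);
        for (size_t i = alloc; ok && i < alloc + GUARD; i++)
            ok = dst[i] == 0xAA;
    }
    free(blocks);
    free(dst);
    return ok;
}

int main(void) {
    /* 10x10 is not a multiple of 8 in either dimension. */
    printf("unchecked 10x10: %zu out-of-bounds stores\n", count_oob_writes_unchecked(10, 10));
    printf("unchecked 16x16: %zu out-of-bounds stores\n", count_oob_writes_unchecked(16, 16));
    printf("clamped 10x10 copy intact: %d\n", demo_clamped_copy(10, 10));
    return 0;
}
```

For a 10x10 image the unchecked loop covers a 16x16 block grid, and every index at or beyond offset 100 is a heap write outside the allocation; the clamped loop writes exactly 100 samples and leaves the guard bytes intact. Clamping is one fix; rejecting dimensions that the decoder cannot handle before any block is copied is the other, and either must happen before the copy loops run.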

Affected Version(s)

FFmpeg from commit 9a32b863074ed4140141e0d3613905c6f1fe61c5 up to (excluding) 8.0

FFmpeg 7.1.1 up to (excluding) 8.0

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published: 6 October 2025

  • Vulnerability reserved

Credit

Google Big Sleep