Memory Safety Bug in OpenEXR Python Adapter Affects Image Storage Solutions
CVE-2025-64182

5.5 MEDIUM

Key Information:

CVE Published: 10 November 2025

What is CVE-2025-64182?

OpenEXR versions 3.2.0 to 3.2.4, 3.3.0 to 3.3.5, and 3.4.0 to 3.4.2 contain a significant memory safety bug in the deprecated OpenEXR Python adapter. The vulnerability can be triggered by manipulated EXR files or crafted Python objects, and can result in application crashes and potential code execution. It stems from integer overflows and unchecked allocations in the InputFile.channel() and InputFile.channels() methods, which lead to heap overflows on 32-bit systems or NULL dereferences on 64-bit systems. Users are advised to update to version 3.2.5, 3.3.6, or 3.4.3, which include patches for this issue.

Affected Version(s)

openexr >= 3.2.0, < 3.2.5

openexr >= 3.3.0, < 3.3.6

openexr >= 3.4.0, < 3.4.3
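A version audit built from the ranges above, as an added example that is not part of the advisory or the OpenEXR project. It assumes dependencies are pinned in pip-freeze style under the package name "OpenEXR"; the function names and the sample lines are constructed for illustration.

```python
import re

# Affected ranges from this page: (first affected release, first fixed release).
AFFECTED = [((3, 2, 0), (3, 2, 5)), ((3, 3, 0), (3, 3, 6)), ((3, 4, 0), (3, 4, 3))]

def parse_version(text):
    """Return (major, minor, patch) for strings like '3.3.5' or 'v3.4'.
    Anything after the numeric part (e.g. 'rc1') is ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def fixed_in(version):
    """Return the patched release for an affected version, or None if not affected."""
    v = parse_version(version)
    for first, fix in AFFECTED:
        if first <= v < fix:
            return ".".join(map(str, fix))
    return None

def audit(lines, package="openexr"):
    """Scan 'name==version' lines; return (name, version, fix) for affected pins.
    The package name is an assumption about how the dependency is pinned."""
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*(\S+)$", line)
        if not m or m.group(1).lower() != package:
            continue
        fix = fixed_in(m.group(2))
        if fix:
            findings.append((m.group(1), m.group(2), fix))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = [
    "numpy==1.26.4",
    "OpenEXR==3.3.5   # render farm image",
    "openexr==3.2.5",
    "OpenEXR==3.4.0",
]

if __name__ == "__main__":
    for name, ver, fix in audit(SAMPLE):
        print(f"{name} {ver} is affected by CVE-2025-64182; update to {fix}")
```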

CVSS V4

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
