CVE-2025-48072
BaseFortify

Publication date: 2025-07-31

Last updated on: 2025-08-13

Assigner: GitHub, Inc.

Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.
Meta Information
Published: 2025-07-31
Last Modified: 2025-08-13
Generated: 2026-05-07
AI Q&A: 2025-07-31
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor    Product    Version / Range
openexr   openexr    3.3.2
CWE
CWE-125: The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a heap-based buffer overflow in OpenEXR version 3.3.2 that occurs during the reading of DWAA-packed scan-line EXR files. It is caused by incorrect pointer arithmetic when decompressing a maliciously crafted chunk in the file, which can lead to memory corruption. The issue is fixed in version 3.3.3.

How can this vulnerability impact me?

The heap-based buffer overflow can lead to memory corruption, which may be exploited to cause a crash or potentially execute arbitrary code when processing a malicious EXR file. This can impact the security and stability of applications using the vulnerable OpenEXR version.

What immediate steps should I take to mitigate this vulnerability?

Upgrade OpenEXR to version 3.3.3 or later, as this version contains the fix for the heap-based buffer overflow vulnerability.