CVE-2025-59731
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-19
Assigner: Google Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openexr | openexr | 8.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when decoding an OpenEXR file that uses DWAA or DWAB compression. The issue is that the specified raw length of run-length-encoded (RLE) data is not properly checked during the decoding process. Specifically, the code reads the RLE raw size from the input file and decompresses data into a buffer of that size, but later accesses entries beyond the buffer's allocated size, potentially leading to out-of-bounds access.
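As an added illustration (not OpenEXR's own code), the following simplified C decoder shows the check the bug pattern lacks: the raw size declared in the file is compared with the number of bytes the later per-pixel stage will index before any decoding happens. The `rle_decode` format, `expected_rle_bytes` and the planar one-byte-per-sample layout are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative RLE decoder (assumption: OpenEXR-style signed run counts, not
 * the library's code). A count byte < 0 introduces -count literal bytes; a
 * count byte >= 0 repeats the next byte count+1 times.
 * Returns bytes produced, or -1 on malformed input or output overflow. */
static int rle_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap) {
    size_t ip = 0, op = 0, n;
    while (ip < in_len) {
        int8_t count = (int8_t)in[ip++];
        if (count < 0) {
            n = (size_t)(-count);
            if (ip + n > in_len || op + n > out_cap) return -1;
            memcpy(out + op, in + ip, n);
            ip += n;
        } else {
            n = (size_t)count + 1;
            if (ip >= in_len || op + n > out_cap) return -1;
            memset(out + op, in[ip++], n);
        }
        op += n;
    }
    return (int)op;
}

/* Bytes the per-pixel stage will read (assumption: one byte per sample, planar). */
static size_t expected_rle_bytes(size_t width, size_t height, size_t channels) {
    return width * height * channels;
}

/* 0 = ok, 1 = declared raw size smaller than what the consumer indexes (the
 * out-of-bounds case), 2 = larger than the caller's buffer, 3 = stream length
 * does not match the expected size. */
int decode_rle_block(const uint8_t *rle, size_t rle_len, uint64_t declared_raw_size,
                     size_t width, size_t height, size_t channels,
                     uint8_t *out, size_t out_cap) {
    size_t need = expected_rle_bytes(width, height, channels);
    if (declared_raw_size < need) return 1;      /* the missing check */
    if (declared_raw_size > out_cap) return 2;
    int got = rle_decode(rle, rle_len, out, (size_t)declared_raw_size);
    if (got < 0 || (size_t)got != need) return 3;
    return 0;
}

/* Constructed sample: run of three 'A' then literals "xyz"; 3x2, 1 channel. */
static uint8_t g_out[16];
int demo_decode(uint64_t declared_raw_size) {
    static const uint8_t sample[] = { 2, 'A', (uint8_t)-3, 'x', 'y', 'z' };
    memset(g_out, 0, sizeof g_out);
    return decode_rle_block(sample, sizeof sample, declared_raw_size, 3, 2, 1, g_out, sizeof g_out);
}
const uint8_t *demo_output(void) { return g_out; }

int main(void) {
    printf("declared 6: status %d, bytes %.6s\n", demo_decode(6), (const char *)g_out);
    printf("declared 4: status %d (rejected before decoding)\n", demo_decode(4));
    return 0;
}
```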
How can this vulnerability impact me?
Because the vulnerability involves accessing memory beyond the allocated buffer size during decoding, it can lead to memory corruption, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service when processing malicious OpenEXR files.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade to version 8.0 or beyond of the affected software.