CVE-2025-59732
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-59732, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-06

Last updated on: 2025-10-19

Assigner: Google Inc.

Description

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_dataΒ is allocated in decode_blockΒ based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-06
Last Modified
2025-10-19
Generated
2026-07-06
AI Q&A
2025-10-06
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openexr openexr *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs when decoding an OpenEXR file that uses DWAA or DWAB compression. The decoding process assumes that the image's height and width are divisible by 8. If they are not, the copy loops will write beyond the allocated buffer size, which is based on the actual height and width. This causes a buffer overflow that can corrupt adjacent heap memory.

Impact Analysis

The vulnerability can lead to heap memory corruption due to buffer overflow when processing specially crafted OpenEXR files. This can potentially be exploited to cause crashes, data corruption, or arbitrary code execution, depending on the context in which the vulnerable code is used.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade to OpenEXR version 8.0 or beyond.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart