CVE-2025-59732
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-19
Assigner: Google Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openexr | openexr | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is triggered when decoding an OpenEXR file that uses DWAA or DWAB compression. The DWA codec works on 8x8 blocks, and the decoder's copy loops assume that the image's height and width are both multiples of 8. The output buffer, however, is allocated from the actual height and width. When either dimension is not a multiple of 8, the copy loops iterate over the block-padded extent and write past the end of that buffer, corrupting adjacent heap memory (CWE-787).
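To make the failure mode concrete, the following is an added, self-contained C model of the bug as the answer above describes it; it is not OpenEXR's code. It assumes an 8-byte DWA block size and an 8-bit single-channel image (both labelled as assumptions), and it routes every store through a bounds-checking helper that counts out-of-range writes instead of performing them, so the vulnerable loop can be run safely. `copy_padded` iterates over the block-padded extent, as the vulnerable decoder does; `copy_clamped` iterates over the real image extent, which is the shape of the fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumption for this model: DWA decodes in 8x8 DCT blocks. */
#define DWA_BLOCK 8

typedef struct {
    uint8_t *data;
    size_t   size;        /* bytes allocated: width * height (real dimensions) */
    size_t   oob_writes;  /* stores that fell outside [0, size); counted, not done */
} Buffer;

/* Round a dimension up to the next multiple of the block size. */
static size_t round_up_block(size_t n) {
    return (n + DWA_BLOCK - 1) / DWA_BLOCK * DWA_BLOCK;
}

/* Bounds-checked store so the demonstration never corrupts the real heap. */
static void store(Buffer *b, size_t index, uint8_t v) {
    if (index < b->size) b->data[index] = v;
    else b->oob_writes++;
}

/* Constructed sample input: a decoded block area of padded_w * padded_h bytes. */
static uint8_t *make_blocks(size_t padded_w, size_t padded_h) {
    uint8_t *blocks = malloc(padded_w * padded_h);
    for (size_t i = 0; i < padded_w * padded_h; i++)
        blocks[i] = (uint8_t)(i & 0xFF);
    return blocks;
}

/* Vulnerable pattern: loop bounds come from the block-padded dimensions while the
 * destination was sized from the real ones. Returns the count of out-of-bounds
 * stores, i.e. how many bytes a real decoder would have written past the buffer. */
size_t copy_padded(size_t width, size_t height) {
    size_t pw = round_up_block(width), ph = round_up_block(height);
    uint8_t *blocks = make_blocks(pw, ph);
    Buffer out = { calloc(width * height, 1), width * height, 0 };
    for (size_t y = 0; y < ph; y++)
        for (size_t x = 0; x < pw; x++)
            store(&out, y * pw + x, blocks[y * pw + x]);
    free(blocks);
    free(out.data);
    return out.oob_writes;
}

/* Fixed pattern: clamp the loops to the real width and height and address the
 * destination with the real row stride. Returns the out-of-bounds store count,
 * which is always zero here. */
size_t copy_clamped(size_t width, size_t height) {
    size_t pw = round_up_block(width), ph = round_up_block(height);
    uint8_t *blocks = make_blocks(pw, ph);
    Buffer out = { calloc(width * height, 1), width * height, 0 };
    for (size_t y = 0; y < height; y++)
        for (size_t x = 0; x < width; x++)
            store(&out, y * width + x, blocks[y * pw + x]);
    free(blocks);
    free(out.data);
    return out.oob_writes;
}

/* Number of bytes the padded loop overruns by, derived arithmetically, so the
 * simulation can be cross-checked: padded area minus real area. */
size_t expected_overrun(size_t width, size_t height) {
    return round_up_block(width) * round_up_block(height) - width * height;
}

int main(void) {
    size_t dims[][2] = { {16, 8}, {10, 10}, {13, 5}, {1, 1} };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        size_t w = dims[i][0], h = dims[i][1];
        printf("%zux%zu: padded loop overruns by %zu bytes (expected %zu), clamped loop by %zu\n",
               w, h, copy_padded(w, h), expected_overrun(w, h), copy_clamped(w, h));
    }
    return 0;
}
```

Dimensions that are multiples of 8 never trigger the overrun, which is why the bug is only reached by files with odd-sized images; a 10x10 image already overruns a 100-byte buffer by 156 bytes. The fix is the clamp on the loop extents, not a larger allocation, since the padded area is attacker-controlled through the header dimensions.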
How can this vulnerability impact me?
Any application that decodes untrusted OpenEXR files with a vulnerable OpenEXR library (image viewers, converters, render pipelines, thumbnailers) can have its heap corrupted by a crafted DWAA- or DWAB-compressed file whose dimensions are not multiples of 8. The most likely outcome is a crash (denial of service); because the write is a heap overflow, memory corruption and, depending on the surrounding code and platform mitigations, arbitrary code execution cannot be ruled out.
What immediate steps should I take to mitigate this vulnerability?
Upgrade to an OpenEXR release that contains the fix for CVE-2025-59732. The affected-version range listed above ("*") does not identify the fixed release, so confirm it against the OpenEXR project's advisory for this CVE. Until the library is updated, avoid decoding OpenEXR files from untrusted sources, or run decoders in a sandboxed, low-privilege process so that a crash or corruption is contained.