CVE-2025-59733
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-06

Last updated on: 2025-10-19

Assigner: Google Inc.

Description
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are "B", "G", "R"Β and "A". The channel parsing code can be found in decode_header.Β The buffer td->uncompressed_dataΒ is allocated in decode_blockΒ based on the xsize, ysizeΒ and computed current_channel_offset. The function dwa_uncompressΒ then assumes at [5] that if there are 4 channels, these are "B", "G", "R"Β and "A", and in the calculations at [6] and [7] that all channels are of the same type, which matches the type of the main color channels. If we set the main color channels to a 4-byte type and add duplicate or unknown channels of the 2-byte EXR_HALFΒ type, then the addition at [7] will increment the pointer by 4-bytes * xsize * nb_channels, which will exceed the allocated buffer. We recommend upgrading to version 8.0 or beyond.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-06
Last Modified
2025-10-19
Generated
2026-05-07
AI Q&A
2025-10-06
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59733
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openexr openexr 8.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs when decoding an OpenEXR file that uses DWAA or DWAB compression. The decoding process assumes all image channels have the same pixel type and size, and if there are four channels, they are assumed to be "B", "G", "R", and "A". However, if the main color channels are set to a 4-byte type and additional duplicate or unknown channels of a 2-byte type are added, the pointer arithmetic used during decompression can exceed the allocated buffer size, potentially leading to a buffer overflow.


How can this vulnerability impact me? :

This vulnerability can lead to a buffer overflow during the decoding of specially crafted OpenEXR files, which may cause application crashes, data corruption, or potentially allow an attacker to execute arbitrary code or cause denial of service.


What immediate steps should I take to mitigate this vulnerability?

The recommended immediate step to mitigate this vulnerability is to upgrade to OpenEXR version 8.0 or beyond.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart