CVE-2025-64181
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-10

Last updated on: 2025-12-08

Assigner: GitHub, Inc.

Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-10
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-11-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64181
EUVD
EUVD-2025-50828
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
openexr openexr From 3.3.0 (inc) to 3.3.6 (exc)
openexr openexr From 3.4.0 (inc) to 3.4.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-457 The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in OpenEXR versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2 involves the use of uninitialized memory inside the function generic_unpack, as detected by Valgrind during fuzzing of openexr_exrcheck_fuzzer. This can lead to undefined behavior or potentially cause the program to crash or experience a denial of service.

Mitigation Strategies

Upgrade OpenEXR to version 3.3.6 or 3.4.3 or later, as these versions contain fixes for the use of uninitialized memory issue.

Impact Analysis

The vulnerability can cause undefined behavior in applications using the affected OpenEXR versions, which may result in crashes or denial of service conditions, potentially disrupting normal operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64181. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart