Buffer overflow in Academysoftwarefoundation Openexr

CVE-2025-64182

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (5.9th percentile) — read the EPSS interpretation.

Affected products

Academysoftwarefoundation Openexr — versions >= 3.2.0, < 3.2.5, >= 3.3.0, < 3.3.6, >= 3.4.0, < 3.4.3

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vh63-9mqx-wmjr (x_refsource_CONFIRM)
https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L528-L536 (x_refsource_MISC)