Use After Free in Academysoftwarefoundation Openexr

CVE-2025-64183

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-…

Vulnerability class: Use-After-Free

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.

Affected products

Academysoftwarefoundation Openexr — versions >= 3.2.0, < 3.2.5, >= 3.3.0, < 3.3.6, >= 3.4.0, < 3.4.3

Weakness classification (CWE)

CWE-416 — Use After Free

References

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m (x_refsource_CONFIRM)
https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L109-L115 (x_refsource_MISC)