CNNVD-202507-3957 Information
CNNVD ID
CNNVD-202507-3957
Related CVE
- CNNVD Published: 2025-07-31
Description (Chinese)
OpenEXR是Academy Software Foundation开源的一种高动态范围图像(HDR)文件格式的开放标准。 OpenEXR 3.3.0至3.3.2版本存在安全漏洞,该漏洞源于ZIPS-packed deep scan-line EXR文件解压时存在堆缓冲区溢出。
Description (English)
OpenEXR is the open standard for the open-source high-dynamic image (HDR) file format of Academy Software Foundation. Releases 3.3.0 to 3.3.2 of OpenEXR contain a security loophole, which stems from the proliferation of buffer zones when ZIPS-packed deep scan-line EXR files are depressed.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Academy Software Foundation
Published
2025-07-31
Last Modified
2026-02-24
References
https://github.com/AcademySoftwareFoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3 https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375
Patch
https://github.com/AcademySoftwareFoundation/openexr/releases
Share on: