CNNVD-202507-3958 Information

Jul 31, 2025 cve

CNNVD ID

CNNVD-202507-3958

CVE-2025-48072

CNNVD Published: 2025-07-31

Description (Chinese)

OpenEXR是Academy Software Foundation开源的一种高动态范围图像（HDR）文件格式的开放标准。 OpenEXR 3.3.2版本存在缓冲区错误漏洞，该漏洞源于DWAA-packed scan-line EXR文件解压时存在堆缓冲区溢出。

Description (English)

OpenEXR is the open standard for the open-source high-dynamic image (HDR) file format of Academy Software Foundation. Version 3.3.2 of OpenEXR contains an error hole in the buffer zone, which arises from a pile of buffers when the DWAA-packed scan-line EXR files are depressed.

Hazard Level

Medium

Vulnerability Type

缓冲区错误

Affected Vendor

Academy Software Foundation

Published

2025-07-31

Last Modified

2026-02-24

References

https://github.com/AcademySoftwareFoundation/openexr/commit/2d09449427b13a05f7c31a98ab2c4347c23db361 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3 https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43

Patch

https://github.com/AcademySoftwareFoundation/openexr/releases

Share on: