CNNVD-202508-055 Information

CNNVD ID

CNNVD-202508-055

CVE-2025-48074

  • CNNVD Published: 2025-08-01

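Description (translated from Chinese)

OpenEXR is an open standard for a high-dynamic-range (HDR) image file format, open-sourced by the Academy Software Foundation. OpenEXR version 3.3.2 has a security vulnerability that stems from the application trusting an unvalidated dataWindow size value, which may lead to excessive memory allocation and performance degradation when processing malicious files.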

Description (English)

OpenEXR is an open standard for a high-dynamic-range (HDR) image file format, open-sourced by the Academy Software Foundation. OpenEXR version 3.3.2 contains a security vulnerability that stems from the application's trust in unverified dataWindow size values, which may result in excessive memory allocation and reduced performance when processing malicious files.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Academy Software Foundation

Published

2025-08-01

Last Modified

2026-02-24

References

  • https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf
  • https://github.com/ShielderSec/poc/tree/main/CVE-2025-48074

Patch

https://openexr.com/en/latest/
