CNNVD-202510-826 Information

CNNVD ID

CNNVD-202510-826

Related CVE

CVE-2025-59732

• CNNVD Published: 2025-10-06

Description (Chinese)

OpenEXR是Academy Software Foundation开源的一种高动态范围图像（HDR）文件格式的开放标准。 OpenEXR 8.0之前版本存在安全漏洞，该漏洞源于解码DWAA或DWAB压缩文件时未验证图像高度和宽度是否可被8整除，可能导致堆内存损坏。

Description (English)

OpenEXR is the open standard for the open-source high-dynamic image (HDR) file format of Academy Software Foundation. There is a security loophole in the pre-OpenEXR 8.0 version, which results from the failure to verify that the height and width of the image can be severed by 8 at the time of decoded DWAA or DWAB compression files, which may result in damage to the memory of the stack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Academy Software Foundation

Published

2025-10-06

Last Modified

2026-02-24

References

https://b.corp.google.com/issues/436510316