CNNVD-202511-899 Information
CNNVD ID
CNNVD-202511-899
Related CVE
- CNNVD Published: 2025-11-10
Description (Chinese)
OpenEXR是Academy Software Foundation开源的一种高动态范围图像(HDR)文件格式的开放标准。 OpenEXR 3.3.0版本至3.3.5版本和3.4.0版本至3.4.2版本存在安全漏洞,该漏洞源于使用未初始化内存,可能导致未定义行为和拒绝服务。
Description (English)
OpenEXR is the open standard for the open-source high-dynamic image (HDR) file format of Academy Software Foundation. OpenEXR Versions 3.3.0 to 3.3.5 and 3.4.0 to 3.4.2 have a security loophole, which stems from the use of uninitialized memory and may lead to undefined behaviour and denial of services.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Academy Software Foundation
Published
2025-11-10
Last Modified
2026-02-24
References
https://github.com/user-attachments/files/23024744/archive3.zip https://github.com/user-attachments/files/23024740/archive2.zip https://github.com/user-attachments/files/23024736/archive1.zip https://github.com/user-attachments/files/23024746/archive4.zip https://github.com/user-attachments/files/23024726/archive0.zip https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq https://access.redhat.com/security/cve/cve-2025-64181
Patch
https://openexr.com/en/latest/
Share on: