CNNVD-202511-900 Information

CNNVD ID

CNNVD-202511-900

CVE-2025-64183

  • CNNVD Published: 2025-11-10

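Description (translated from Chinese)

OpenEXR is an open standard for a high-dynamic-range (HDR) image file format, open-sourced by the Academy Software Foundation. OpenEXR versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2 contain a resource management error vulnerability. The vulnerability stems from a use-after-free issue in PyObject_StealAttrString in pyOpenEXR_old.cpp.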

Description (English)

OpenEXR is an open standard for a high-dynamic-range (HDR) image file format, maintained as open source by the Academy Software Foundation. Versions 3.2.0 to 3.2.4, 3.3.0 to 3.3.5 and 3.4.0 to 3.4.2 have a resource management error vulnerability, which stems from a use-after-free in PyObject_StealAttrString in pyOpenEXR_old.cpp.

Hazard Level

High

Vulnerability Type

Resource management error

Affected Vendor

Academy Software Foundation

Published

2025-11-10

Last Modified

2026-02-24

References

  • https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m
  • https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L109-L115
  • https://access.redhat.com/security/cve/cve-2025-64183

Patch

https://openexr.com/en/latest/
