CNNVD-202511-902 Information
CNNVD ID
CNNVD-202511-902
Related CVE
-
CNNVD Published: 2025-11-10
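Description (translated from Chinese)
OpenEXR is an open standard for a high dynamic range (HDR) image file format, open-sourced by the Academy Software Foundation. OpenEXR versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2 contain a security vulnerability that stems from a memory safety issue in the OpenEXR Python adapter, which may lead to a heap overflow or a null pointer dereference.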
Description (English)
OpenEXR is the Academy Software Foundation's open-source open standard for a high-dynamic-range (HDR) image file format. OpenEXR versions 3.2.0 to 3.2.4, 3.3.0 to 3.3.5 and 3.4.0 to 3.4.2 contain a security vulnerability caused by memory safety problems in the OpenEXR Python adapter, which may lead to a heap overflow or null pointer dereference.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Academy Software Foundation
Published
2025-11-10
Last Modified
2026-02-24
References
https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L528-L536
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vh63-9mqx-wmjr
https://access.redhat.com/security/cve/cve-2025-64182
Patch
https://openexr.com/en/latest/