CNNVD-202512-4087 Information
Dec 23, 2025
CNNVD ID
CNNVD-202512-4087
Related CVE
-
CNNVD Published: 2025-12-23
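Description (translated from Chinese)
Academy Software Foundation OpenEXR is a software library for reading and writing EXR files, maintained by the Academy Software Foundation, a US organization. Academy Software Foundation OpenEXR contains a security vulnerability that stems from a lack of validation of the length of user-supplied data when parsing EXR files, which may lead to a heap buffer overflow and remote code execution.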
Description (English)
Academy Software Foundation OpenEXR is a library for reading and writing EXR files, from the US-based Academy Software Foundation. OpenEXR has a security vulnerability caused by missing validation of the length of user-supplied data when parsing an EXR file, which could lead to a heap buffer overflow and remote code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Academy Software Foundation
Published
2025-12-23
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-989/
Patch
https://openexr.com/en/latest/