CVE-2025-48072

Published: 31 Jul 2025
Source: debian
EPSS: Low

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.

Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| openexr | not-affected | | | package |

Notes

  • https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43

  • Introduced with: https://github.com/AcademySoftwareFoundation/openexr/commit/0d1b3dad451317b609bf61748dfb4d0c0cc38d5c (v3.3.3-rc)

  • Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/2d09449427b13a05f7c31a98ab2c4347c23db361 (v3.3.3-rc)

EPSS

Percentile: 10%
0.00038
Low

Related vulnerabilities

CVSS3: 9.1
ubuntu
17 days ago

CVSS3: 5.3
redhat
17 days ago

CVSS3: 9.1
nvd
17 days ago

github
17 days ago

OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute