CVE-2025-64181

Опубликовано: 10 нояб. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on uninitialized data inside generic_unpack. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

Ссылки

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq
Exploit
Vendor Advisory
https://github.com/user-attachments/files/23024726/archive0.zip
Broken Link
https://github.com/user-attachments/files/23024736/archive1.zip
Broken Link
https://github.com/user-attachments/files/23024740/archive2.zip
Broken Link
https://github.com/user-attachments/files/23024744/archive3.zip
Broken Link
https://github.com/user-attachments/files/23024746/archive4.zip
Broken Link
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*

Версия от 3.3.0 (включая) до 3.3.6 (исключая)

cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*

Версия от 3.4.0 (включая) до 3.4.3 (исключая)

EPSS

Процентиль: 29%

0.0011

Низкий

7.5 High

CVSS3

Дефекты

CWE-457

Связанные уязвимости

CVE-2025-64181

CVSS3: 7.5

ubuntu

5 месяцев назад

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

CVE-2025-64181

CVSS3: 4

redhat

5 месяцев назад

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

CVE-2025-64181

CVSS3: 7.5

debian

5 месяцев назад

OpenEXR provides the specification and reference implementation of the ...

openSUSE-SU-2025:20056-1

suse-cvrf

5 месяцев назад

Security update for openexr

BDU:2026-03140

CVSS3: 7.5

fstec

5 месяцев назад

Уязвимость программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с ошибками при инициализации переменных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 29%

0.0011

Низкий

7.5 High

CVSS3

Дефекты

CWE-457