CVE-2025-48072

Опубликовано: 31 июл. 2025

Источник: redhat

CVSS3: 5.3

Описание

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	openexr	Not affected
Red Hat Enterprise Linux 6	ilmbase	Not affected
Red Hat Enterprise Linux 6	OpenEXR	Not affected
Red Hat Enterprise Linux 7	ilmbase	Not affected
Red Hat Enterprise Linux 7	OpenEXR	Not affected
Red Hat Enterprise Linux 8	ilmbase	Not affected
Red Hat Enterprise Linux 8	OpenEXR	Not affected
Red Hat Enterprise Linux 9	openexr	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2385866openexr: OpenEXR Out of Bounds Read

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-48072

CVSS3: 9.1

ubuntu

17 дней назад

CVE-2025-48072

CVSS3: 9.1

nvd

17 дней назад

CVE-2025-48072

CVSS3: 9.1

debian

17 дней назад

OpenEXR provides the specification and reference implementation of the ...

GHSA-4r7w-q3jg-ff43

github

17 дней назад

OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute

5.3 Medium

CVSS3