Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-48074

Опубликовано: 01 авг. 2025
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.

A memory exhaustion flaw has been discovered in OpenEXR. In affected versions, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10openexrNot affected
Red Hat Enterprise Linux 6ilmbaseNot affected
Red Hat Enterprise Linux 6OpenEXRNot affected
Red Hat Enterprise Linux 7ilmbaseNot affected
Red Hat Enterprise Linux 7OpenEXRNot affected
Red Hat Enterprise Linux 8ilmbaseNot affected
Red Hat Enterprise Linux 8OpenEXRNot affected
Red Hat Enterprise Linux 9openexrNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2385995openexr: OpenEXR memory exhaustion

EPSS

Процентиль: 3%
0.00019
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-48074

ubuntu
16 дней назад

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.

nvd логотип

CVE-2025-48074

nvd
16 дней назад

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.

debian логотип

CVE-2025-48074

debian
16 дней назад

OpenEXR provides the specification and reference implementation of the ...

github логотип

GHSA-x22w-82jp-8rvf

github
17 дней назад

OpenEXR Out-Of-Memory via Unbounded File Header Values

EPSS

Процентиль: 3%
0.00019
Низкий

3.3 Low

CVSS3