Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-64182

Опубликовано: 10 нояб. 2025
Источник: redhat
CVSS3: 6.2
EPSS Низкий

Описание

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel() and InputFile.channels() can lead to heap overflow (32 bit) or a NULL deref (64 bit). Versions 3.2.5, 3.3.6, and 3.4.3 contain a patch for the issue.

A memory-safety vulnerability has been identified in the Python bindings of OpenEXR, where improper checks on image channels and attribute stealing operations may result in buffer overflow when processing crafted EXR files or Python objects. An attacker supplying a malicious EXR file or crafted Python object could exploit this flaw to trigger a crash in applications that use the vulnerable bindings, potentially leading to denial-of-service.

Отчет

This vulnerability affects OpenEXR versions 3.2.x and later, where the Python bindings were first introduced. Red Hat Enterprise Linux 8, 9, 10, and Red Hat In-Vehicle OS (RHIVOS) ship OpenEXR 3.1.x or earlier, which do not include the affected Python adapter code, and therefore are not affected by this vulnerability.

Меры по смягчению последствий

No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10openexrNot affected
Red Hat Enterprise Linux 6OpenEXRNot affected
Red Hat Enterprise Linux 7OpenEXRNot affected
Red Hat Enterprise Linux 8OpenEXRNot affected
Red Hat Enterprise Linux 9openexrNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2413906openexr: buffer overflow in PyOpenEXR_old's channels() and channel()

EPSS

Процентиль: 8%
0.0003
Низкий

6.2 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-64182

CVSS3: 7.8
ubuntu
5 месяцев назад

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel() and InputFile.channels() can lead to heap overflow (32 bit) or a NULL deref (64 bit). Versions 3.2.5, 3.3.6, and 3.4.3 contain a patch for the issue.

nvd логотип

CVE-2025-64182

CVSS3: 7.8
nvd
5 месяцев назад

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel() and InputFile.channels() can lead to heap overflow (32 bit) or a NULL deref (64 bit). Versions 3.2.5, 3.3.6, and 3.4.3 contain a patch for the issue.

debian логотип

CVE-2025-64182

CVSS3: 7.8
debian
5 месяцев назад

OpenEXR provides the specification and reference implementation of the ...

EPSS

Процентиль: 8%
0.0003
Низкий

6.2 Medium

CVSS3