EUVD-2025-50826

🗓️ 06 Apr 2026 17:51:23Reported by EUVDType

OpenEXR use-after-free in PyObject_StealAttrString (pyOpenEXR_old.cpp); fixed in 3.2.5, 3.3.6, 3.4.3.

Reporter	Title	Published	Views	Family All 34
AlpineLinux	CVE-2025-64183	10 Nov 202521:29	–	alpinelinux
Circl	CVE-2025-64183	8 Nov 202523:42	–	circl
CNNVD	OpenEXR 资源管理错误漏洞	10 Nov 202500:00	–	cnnvd
CVE	CVE-2025-64183	10 Nov 202521:29	–	cve
Cvelist	CVE-2025-64183 OpenEXR has use after free in PyObject_StealAttrString	10 Nov 202521:29	–	cvelist
Debian CVE	CVE-2025-64183	10 Nov 202521:29	–	debiancve
Fedora	[SECURITY] Fedora 43 Update: mingw-openexr-3.3.6-1.fc43	27 Jan 202604:53	–	fedora
Fedora	[SECURITY] Fedora 42 Update: mingw-openexr-3.3.6-1.fc42	26 Jan 202601:08	–	fedora
Tenable Nessus	Fedora 42 : mingw-openexr (2026-0e8fe3c8a3)	26 Jan 202600:00	–	nessus
Tenable Nessus	Fedora 43 : mingw-openexr (2026-1fbf91067c)	25 Jan 202600:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "c7aa0351-782d-315a-a190-73f61605c007",
        "vendor": {
          "name": "AcademySoftwareFoundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "29e95994-c618-36cf-9012-8ace3ffb8712",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.4.0, < 3.4.3"
      },
      {
        "id": "3ad29ab2-1a0f-373b-81a4-7e7c0a0fd5ff",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.3.0, < 3.3.6"
      },
      {
        "id": "99639372-0c3c-3022-9e9d-cacfe75d3d27",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.2.0, < 3.2.5"
      }
    ]
  }
]

Source	Link
github	www.github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m
github	www.github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-64183

06 Apr 2026 17:51Current

7.1High risk

Vulners AI Score7.1

CVSS 46.9

CVSS 3.17.5

EPSS0.00072

SSVC