4 matches found
CVE-2025-48072
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...
CVE-2025-48072
OpenEXR 3.3.2 is vulnerable to a heap-based buffer overflow during read when decompressing DWAA-packed scan-line EXR files with a forged chunk. The root cause is bad pointer arithmetic in the DWAA decompressor, which can allow out-of-bounds reads. The issue is fixed in version 3.3.3. Exploitation...
CVE-2025-48072 OpenEXR's Inaccurate Pointer Arithmetic can Cause an Out of Bounds Heap
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...
CVE-2025-48072
creationtimestamp| type| source ---|---|--- 2025-07-31 15:09:15+00:00| published-proof-of-concept| https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43 2025-07-31 23:42:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvccsrrjty2d...