22 matches found
OpenEXR Makes Use of Uninitialized Memory
Summary While fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on uninitialized data inside genericunpack. This indicates a use of uninitialized memory CWE-457. The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC. Details Environment: -...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the genericunpack function when parsing EXR files containing a crafted negative value for dataWindow.min.x. An attacker can cause the process to terminate unexpectedly by supplying a specially crafted E...
Astra Linux - уязвимость в openexr
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
openSUSE 16 Security Update : openexr (openSUSE-SU-2025-20056-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025-20056-1 advisory. - CVE-2025-64181: Fixed use of uninitialized memory in function genericunpack bsc1253233 Tenable has extracted the preceding description block directly...
CVE-2025-64181
A vulnerability has been identified in the genericunpack function of OpenEXR’s file-handling library, where uninitialized memory is read when processing certain malformed EXR files. An attacker who supplies a specially crafted EXR file to a vulnerable application that uses OpenEXR may trigger...
SUSE-SU-2025:21014-1 Security update for openexr
This update for openexr fixes the following issues: - CVE-2025-64181: Fixed use of uninitialized memory in function genericunpack bsc1253233...
OPENSUSE-SU-2025:20056-1 Security update for openexr
This update for openexr fixes the following issues: - CVE-2025-64181: Fixed use of uninitialized memory in function genericunpack bsc1253233...
SUSE CVE-2025-64181
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
CVE-2025-64181
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
DEBIAN-CVE-2025-64181
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
UBUNTU-CVE-2025-64181
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
Use of Uninitialized Variable
Overview Affected versions of this package are vulnerable to Use of Uninitialized Variable via the genericunpack function. An attacker can trigger undefined behavior or cause a crash by providing specially crafted input that leads to the use of uninitialized memory. PoC The archive includes the...
CVE-2025-64181 OpenEXR Makes Use of Uninitialized Memory
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
CVE-2025-64181
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
CVE-2025-64181 OpenEXR Makes Use of Uninitialized Memory
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
CVE-2025-64181 OpenEXR Makes Use of Uninitialized Memory
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...
OSV-2025-600 Heap-buffer-overflow in generic_unpack
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=436037111 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack Imf34::ScanLineInputFile::Data::readPixels Imf34::InputFile::readPixels...
OSV-2022-413 Heap-buffer-overflow in generic_unpack
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47483 Crash type: Heap-buffer-overflow READ 4 Crash state: genericunpack exrdecodingrun Imf32::checkCoreFile...
OSV-2022-313 Heap-buffer-overflow in generic_unpack
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46432 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack exrdecodingrun Imf31::checkCoreFile...
OSV-2022-82 Heap-buffer-overflow in generic_unpack
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43961 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack exrdecodingrun Imf31::checkCoreFile...