CVE-2025-48071

OpenEXR vulnerability CVE-2025-48071 is a heap-based buffer overflow in the EXR write/decompression path for ZIPS-packed deep scanline data when a forged chunk header causes the unpacked size to be inconsistent with the actual uncompressed data. The issue resides in OpenEXR’s chunk parsing and un...

CVE-2025-48071 OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

TencentOS Server 4: openexr (TSSA-2024:0629)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0629 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2021-45942

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...