OpenEXR’s Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing

July 31, 2025 invoker category_cve

CVE Details

Basic Information

Title OpenEXR’s Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing
Type cve
Published 2025-07-31T20:13:14.436Z
Modified 2025-07-31T20:22:23.603Z

Product Information

Vendor AcademySoftwareFoundation
Product openexr
Version >= 3.3.0, < 3.3.3

CVSS Information

Base Score 8.4 (HIGH)
Attack Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

  • AcademySoftwareFoundation openexr >= 3.3.0, < 3.3.3

Additional Information

CWE List CWE-122
Source GitHub_M

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.