OpenEXR’s Unbounded File Header Values can Lead to Out-Of-Memory Errors

August 1, 2025 invoker category_cve

CVE Details

Basic Information

Title OpenEXR’s Unbounded File Header Values can Lead to Out-Of-Memory Errors
Type cve
Published 2025-08-01T16:32:54.595Z
Modified 2025-08-01T17:09:00.696Z

Product Information

Vendor AcademySoftwareFoundation
Product openexr
Version >= 3.3.2, < 3.3.3

CVSS Information

Base Score 4.6 (MEDIUM)
Attack Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products

  • AcademySoftwareFoundation openexr >= 3.3.2, < 3.3.3

Additional Information

CWE List CWE-770
Source GitHub_M

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.