← Volver a CVEs
CVE-2025-48071
HIGH7.8
Descripcion
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado7/31/2025
Ultima modificacion8/13/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
openexr:openexr
Debilidades (CWE)
CWE-122
Referencias
https://github.com/AcademySoftwareFoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f(security-advisories@github.com)
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3(security-advisories@github.com)
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.