CVE-2025-64182— OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-64182
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel() and InputFile.channels() can lead to heap overflow (32 bit) or a NULL deref (64 bit). Versions 3.2.5, 3.3.6, and 3.4.3 contain a patch for the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenEXR 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenEXR是Academy Software Foundation开源的一种高动态范围图像(HDR)文件格式的开放标准。 OpenEXR 3.2.0版本至3.2.4版本、3.3.0版本至3.3.5版本和3.4.0版本至3.4.2版本存在安全漏洞,该漏洞源于OpenEXR Python适配器中存在内存安全问题,可能导致堆溢出或空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr | >= 3.2.0, < 3.2.5 | - |
II. Public POCs for CVE-2025-64182
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-64182
请登录查看更多情报信息。
Same Patch Batch · AcademySoftwareFoundation · 2025-11-10 · 3 CVEs total
| CVE-2025-64183 | OpenEXR has use after free in PyObject_StealAttrString | |
| CVE-2025-64181 | OpenEXR Makes Use of Uninitialized Memory |
IV. Related Vulnerabilities
Same product: openexr
- CVE-2026-42217
OpenEXR: Shift exponent overflow in `readVariableLengthInteg - CVE-2026-42216
OpenEXR: Out-of-bounds read in `IDManifest::init()` during p - CVE-2026-41142
OpenEXR is Vulnerable to Integer overflow in ImageChannel::r - CVE-2026-40250
OpenEXR has integer overflow in DWA decoder outBufferEnd poi - CVE-2026-40244
OpenEXR has integer overflow in DWA setupChannelData planarU
Same vendor: AcademySoftwareFoundation
- CVE-2026-43903
OpenImageIO: SGI RLE decoder heap buffer overflow OIIO_DASSE - CVE-2026-43904
OpenImageIO: Softimage PIC RLE decoder heap buffer overflow - CVE-2026-43905
OpenImageIO: JPEG2000 (OpenJPH) signed integer overflow in b - CVE-2026-43996
OpenImageIO: Integer wraparound in bounds check of decode_pi - CVE-2026-43907
OpenImageIO: Integer overflow in QueryRGBBufferSizeInternal
Same weakness: CWE-120
- CVE-2026-8776
Edimax BR-6428NS POST Request formPPTPSetup buffer overflow - CVE-2026-8775
Edimax BR-6428NS POST Request formL2TPSetup buffer overflow - CVE-2026-8764
H3C Magic B3 aspForm UpdateWanParams buffer overflow - CVE-2018-25328
VX Search 10.6.18 Local Buffer Overflow via Directory Field - CVE-2018-25323
Allok AVI DivX MPEG to DVD Converter 2.6.1217 Buffer Overflo
V. Comments for CVE-2025-64182
No comments yet