Home > Vulnerability Database > CVE-2025-59732

Mend.io Vulnerability Database

CVE-2025-59732

Good to know:

Date: October 6, 2025

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond.

Severity Score

7.5

Related Resources (4)

Url: https://b.corp.google.com/issues/436510316

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59732

Url: https://issuetracker.google.com/436510316

Url: https://www.mend.io/vulnerability-database/CVE-2025-59732

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version https://github.com/FFmpeg/FFmpeg.git - n8.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59732

Good to know:

Date: October 6, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?