CVE-2025-64181

Date: November 10, 2025

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing "openexr_exrcheck_fuzzer", Valgrind reports a conditional branch depending on uninitialized data inside "generic_unpack". This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

Severity Score

Weakness Type (CWE)

Use of Uninitialized Variable

CWE-457

Top Fix

Upgrade Version

Upgrade to version openexr - 3.3.6; openexr - 3.4.3; https://github.com/AcademySoftwareFoundation/openexr.git - 3.3.6; https://github.com/AcademySoftwareFoundation/openexr.git - 3.4.3

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW
