Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-64182
Good to know:
Date: November 10, 2025
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel() and InputFile.channels() can lead to heap overflow (32 bit) or a NULL deref (64 bit). Versions 3.2.5, 3.3.6, and 3.4.3 contain a patch for the issue.
Severity Score
Related Resources (4)
Severity Score
Weakness Type (CWE)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-120Top Fix
Upgrade Version
Upgrade to version openexr - 3.2.5;openexr - 3.3.6;openexr - 3.4.3;openexr - 3.2.5;openexr - 3.3.6;openexr - 3.4.3;openexr - 3.2.5;openexr - 3.3.6;https://github.com/AcademySoftwareFoundation/openexr.git - v3.2.5;https://github.com/AcademySoftwareFoundation/openexr.git - v3.3.6;https://github.com/AcademySoftwareFoundation/openexr.git - v3.4.3
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |