← Back

CVE-2025-64181

nvd nist
Published: Nov 10, 2025Modified: Dec 8, 2025

JSON object

Loading...
2.0
Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security-advisories@github.com (Secondary)

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

Affected (2)

Products: Openexr: Openexr
Openexr
1 product
Openexr
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Openexr
Openexr
From 3.3.0 to 3.3.6
Openexr
From 3.4.0 to 3.4.3

Related CWEs

CWE-457
Use of Uninitialized Variable
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

References (7)

Source: security-advisories@github.com
ExploitVendor Advisory
Source: security-advisories@github.com
Broken Link
Source: security-advisories@github.com
Broken Link
Source: security-advisories@github.com
Broken Link
Source: security-advisories@github.com
Broken Link
Source: security-advisories@github.com
Broken Link
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitVendor Advisory

Timeline

No history available yet.