OpenEXR Heap-Based Buffer Overflow Vulnerability in Deep Scanline Parsing

Vulnerability

A heap-based buffer overflow has been identified in OpenEXR versions 3.3.0 through 3.3.2. The issue arises during decompression of ZIPS-packed deep scan-line EXR files: a maliciously crafted chunk header can drive a heap-based buffer overflow because the 'undo_zip_impl' function does not validate the size of the uncompressed data against the destination buffer before writing it, so attacker-controlled data is written past the end of the allocation.
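The failure mode described above, a decompressor that trusts a size stated in the file rather than the capacity of the buffer it was handed, is shown below in a hardened form. This is an added example, not OpenEXR's code: the chunk header layout, the function names ('unpack_chunk', 'rle_decode_checked') and the toy run-length scheme that stands in for zlib are all assumptions made for illustration. The point is where the checks sit: the header's claimed unpacked size is compared with the real allocation, and the decoder itself refuses to write past that allocation even when the header and the stream disagree.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical chunk header. In a crafted file both fields are attacker-controlled,
 * so neither may be trusted as a bound for writes into a buffer sized elsewhere. */
typedef struct {
    uint32_t packed_size;    /* bytes of compressed payload that follow */
    uint32_t unpacked_size;  /* size the file CLAIMS the payload expands to */
} chunk_header_t;

/* Toy run-length decoder (pairs of count, value) standing in for zlib.
 * Writes into dst, never beyond dst_cap. Returns bytes written, or -1 on error. */
static long rle_decode_checked(const uint8_t *src, size_t src_len,
                               uint8_t *dst, size_t dst_cap)
{
    size_t out = 0;
    if (src_len % 2 != 0)
        return -1;                          /* malformed stream */
    for (size_t i = 0; i < src_len; i += 2) {
        size_t count = src[i];
        uint8_t value = src[i + 1];
        if (count > dst_cap - out)
            return -1;                      /* would overrun the destination */
        memset(dst + out, value, count);
        out += count;
    }
    return (long)out;
}

/* Decompress one chunk into a buffer the caller sized from the image dimensions.
 * Returns 1 on success, 0 if the chunk is rejected. */
int unpack_chunk(const chunk_header_t *hdr, const uint8_t *payload, size_t payload_len,
                 uint8_t *dst, size_t dst_cap)
{
    if (hdr->packed_size != payload_len)
        return 0;                           /* truncated or oversized payload */
    if (hdr->unpacked_size > dst_cap)
        return 0;                           /* header claims more than was allocated */
    long n = rle_decode_checked(payload, payload_len, dst, dst_cap);
    if (n < 0)
        return 0;                           /* decoder hit the capacity limit */
    if ((size_t)n != hdr->unpacked_size)
        return 0;                           /* stream and header disagree */
    return 1;
}

/* Constructed case 1: destination holds 16 bytes, crafted header and stream both
 * expand to 64. Returns 1 if the chunk is rejected at the header check. */
int demo_oversized_header_rejected(void)
{
    uint8_t dst[16];
    const uint8_t crafted[] = { 64, 0x41 };
    chunk_header_t hdr = { .packed_size = sizeof crafted, .unpacked_size = 64 };
    return unpack_chunk(&hdr, crafted, sizeof crafted, dst, sizeof dst) == 0;
}

/* Constructed case 2: header claims a plausible 16 bytes, but the stream itself
 * expands to 64. The header check passes; the decoder's own bound must catch it. */
int demo_lying_stream_rejected(void)
{
    uint8_t dst[16];
    const uint8_t crafted[] = { 64, 0x41 };
    chunk_header_t hdr = { .packed_size = sizeof crafted, .unpacked_size = 16 };
    return unpack_chunk(&hdr, crafted, sizeof crafted, dst, sizeof dst) == 0;
}

/* Constructed case 3: a well-formed chunk that exactly fills the destination. */
int demo_valid_chunk_accepted(void)
{
    uint8_t dst[16];
    const uint8_t good[] = { 10, 0x41, 6, 0x42 };
    chunk_header_t hdr = { .packed_size = sizeof good, .unpacked_size = 16 };
    int ok = unpack_chunk(&hdr, good, sizeof good, dst, sizeof dst);
    return ok == 1 && dst[0] == 0x41 && dst[9] == 0x41 && dst[10] == 0x42 && dst[15] == 0x42;
}

int main(void)
{
    printf("oversized header rejected: %d\n", demo_oversized_header_rejected());
    printf("lying stream rejected:     %d\n", demo_lying_stream_rejected());
    printf("valid chunk accepted:      %d\n", demo_valid_chunk_accepted());
    return 0;
}
```

Two independent checks are deliberate: comparing the header's size with the allocation is necessary but not sufficient, because the compressed stream can expand to something else entirely; the decoder must carry the real capacity and stop on its own. Running such a parser under AddressSanitizer, as the Reproduction section describes, is how a missing check of either kind surfaces as a crash instead of silent corruption.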

Impact

Successful exploitation corrupts heap memory and could potentially allow arbitrary code execution in the context of the application using OpenEXR.

Reproduction

The vulnerability can be reproduced by compiling the 'exrcheck' utility with AddressSanitizer enabled and using it to open an EXR file crafted to trigger the buffer overflow. The 'exrcheck' tool crashes, demonstrating the out-of-bounds heap write.

Remediation

Users can upgrade to OpenEXR version 3.3.3, which addresses this vulnerability.

Added: Jul 31, 2025, 9:33 PM
Updated: Jul 31, 2025, 9:33 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 10.0
exploitability: 5.8
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.