OpenEXR Compression Vulnerability in DWAA and DWAB Decoding

Vulnerability

A vulnerability exists in the OpenEXR file format when decoding images that use DWAA or DWAB compression. The issue arises because the decoder does not properly validate the specified raw length of run-length-encoded data before using it to determine the size of the output data. This flaw can lead to a buffer over-read, where the decoder accesses more data than intended, potentially causing memory corruption or other unintended behavior. The vulnerability affects OpenEXR versions prior to 8.0.
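As an added illustration of the missing check the advisory describes (this is not OpenEXR's own code, and the token layout below is a constructed RLE scheme rather than the real DWA bitstream): the decoder validates each raw-run length against the input bytes actually present and the output capacity before copying, so a stream that claims more raw bytes than it carries is rejected instead of being read past its end.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed RLE scheme for illustration only (NOT OpenEXR's actual bitstream):
 * each token starts with a signed count byte c.
 *   c <  0 : raw run, the next -c input bytes are copied literally
 *   c >= 0 : repeat run, the next input byte is emitted c + 1 times */
typedef enum { RLE_OK = 0, RLE_ERR_RAW_LEN, RLE_ERR_TRUNCATED, RLE_ERR_OUT_SPACE } rle_status;
/* Every length is checked against the remaining input and the output capacity
 * BEFORE any memory access; a raw length larger than the bytes actually present
 * is rejected rather than trusted as an output size. */
rle_status rle_decode_checked(const uint8_t *in, size_t in_len,
                              uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        int count = (int8_t)in[ip++];
        if (count < 0) {
            size_t raw = (size_t)(-count);
            if (raw > in_len - ip)  return RLE_ERR_RAW_LEN;   /* would read past input */
            if (raw > out_cap - op) return RLE_ERR_OUT_SPACE; /* would write past output */
            memcpy(out + op, in + ip, raw);
            ip += raw; op += raw;
        } else {
            size_t rep = (size_t)count + 1;
            if (ip >= in_len)       return RLE_ERR_TRUNCATED; /* repeat byte missing */
            if (rep > out_cap - op) return RLE_ERR_OUT_SPACE;
            memset(out + op, in[ip++], rep);
            op += rep;
        }
    }
    *out_len = op;
    return RLE_OK;
}
/* Constructed sample streams. */
static const uint8_t GOOD[] = { 0xFD, 'a', 'b', 'c', 0x01, 'z' }; /* raw "abc", then 'z' x2 */
static const uint8_t BAD[]  = { 0x9C, 'a', 'b' };                 /* claims 100 raw bytes, only 2 present */
/* Returns 1 when GOOD decodes to "abczz" (5 bytes). */
int good_stream_decodes(void) {
    uint8_t out[8]; size_t n = 0;
    return rle_decode_checked(GOOD, sizeof GOOD, out, sizeof out, &n) == RLE_OK
           && n == 5 && memcmp(out, "abczz", 5) == 0;
}
/* Returns the decoder's verdict on BAD (expected: RLE_ERR_RAW_LEN). */
rle_status bad_stream_status(void) {
    uint8_t out[8]; size_t n = 0;
    return rle_decode_checked(BAD, sizeof BAD, out, sizeof out, &n);
}
```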

Impact

Exploitation of this vulnerability can lead to a buffer over-read, allowing the decoder to access memory beyond the intended data boundaries. This could result in memory corruption or other unpredictable behavior in the application processing the OpenEXR file.

Remediation

Users are advised to upgrade to OpenEXR version 8.0 or later.

Added: Oct 6, 2025, 8:18 AM
Updated: Oct 6, 2025, 3:14 PM

Vulnerability Rating

Custom Algorithm

spread:          4.2
impact:          2.5
exploitability:  3.0
remediation:     7.7
relevance:       0.6
threat:          0.0
urgency:         2.9
incentive:       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.