Primary

Context

OpenEXR Compression Vulnerability Leading to Heap Memory Corruption

Vulnerability

Patched

A vulnerability exists in the OpenEXR file format when decoding images that use DWAA or DWAB compression. The issue arises from an implicit assumption that the image dimensions are divisible by 8. If they are not, the decoding process can write beyond the allocated buffer, corrupting adjacent heap memory. This vulnerability affects OpenEXR versions prior to 8.0.

Impact

Exploitation of this vulnerability can lead to heap memory corruption, potentially allowing for arbitrary code execution or other memory-related attacks.

Remediation

Users are advised to upgrade to OpenEXR version 8.0 or later.

Added: Oct 6, 2025, 8:17 AM

Updated: Oct 6, 2025, 3:13 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

0.6

exploitability

4.7

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

0.6

exploitability

4.7

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenEXR Compression Vulnerability Leading to Heap Memory Corruption

Vulnerability

Impact

Remediation

Affected Products

OpenEXR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating