CVE-2025-64182
Chinese title:
(No data available)
English title:
OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()
Vulnerability description
Chinese description:
(No data available)
English description:
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allows crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel() and InputFile.channels() can lead to heap overflow (32 bit) or a NULL deref (64 bit). Versions 3.2.5, 3.3.6, and 3.4.3 contain a patch for the issue.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| AcademySoftwareFoundation | openexr | >= 3.2.0, < 3.2.5 | - | - | cpe:2.3:a:academysoftwarefoundation:openexr:>=_3.2.0,_<_3.2.5:*:*:*:*:*:*:* |
| AcademySoftwareFoundation | openexr | >= 3.3.0, < 3.3.6 | - | - | cpe:2.3:a:academysoftwarefoundation:openexr:>=_3.3.0,_<_3.3.6:*:*:*:*:*:*:* |
| AcademySoftwareFoundation | openexr | >= 3.4.0, < 3.4.3 | - | - | cpe:2.3:a:academysoftwarefoundation:openexr:>=_3.4.0,_<_3.4.3:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary workaround:
Reference links
CVSS score details
4.0 (cna)
MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Time information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-64182 | 2025-11-11 15:23:34 | 2025-11-11 07:40:50 |
| NVD | nvd_CVE-2025-64182 | 2025-11-11 15:01:08 | 2025-11-11 07:48:36 |
Version and language
Security advisories
Change history
- data_sources: ['cve'] -> ['cve', 'nvd']