CVE-2025-48071

Source
https://cve.org/CVERecord?id=CVE-2025-48071
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48071.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-48071
Aliases
Downstream
Related
Published
2025-07-31T20:13:14.436Z
Modified
2026-07-09T15:34:22.568231Z
Severity
  • 8.4 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing
Details

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48071.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-122"
    ]
}
References

Affected packages

Git / github.com/academysoftwarefoundation/openexr

Affected ranges

Type
GIT
Repo
https://github.com/academysoftwarefoundation/openexr
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.3"
        }
    ]
}

Affected versions

v3.*
v3.3.0
v3.3.0-rc2
v3.3.1
v3.3.1-rc
v3.3.2
v3.3.2-rc
v3.3.2-rc2
v3.3.2-rc3
v3.3.2-rc4
v3.3.3-rc

Database specific

vanir_signatures_modified
"2026-07-09T15:34:22Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48071.json"
vanir_signatures
[
    {
        "id": "CVE-2025-48071-b9cfc41c",
        "digest": {
            "line_hashes": [
                "236554309323941681442902780184542278622",
                "215692014661767331559617667733471439449",
                "17146640194290669469922204778186888796",
                "253648945683594711445023860716404119097"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/academysoftwarefoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f",
        "deprecated": false,
        "target": {
            "file": "src/lib/OpenEXRCore/internal_zip.c"
        }
    },
    {
        "id": "CVE-2025-48071-f6e27b48",
        "digest": {
            "function_hash": "189907468790423021866405460083792139662",
            "length": 468.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/academysoftwarefoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f",
        "deprecated": false,
        "target": {
            "function": "undo_zip_impl",
            "file": "src/lib/OpenEXRCore/internal_zip.c"
        }
    }
]