CVE-2025-64181

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-64181
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64181.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-64181
Aliases
Downstream
Related
Published
2025-11-10T21:23:04.248Z
Modified
2026-04-10T05:33:43.533906Z
Severity
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
OpenEXR Makes Use of Uninitialized Memory
Details

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on uninitialized data inside generic_unpack. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64181.json",
    "cwe_ids": [
        "CWE-457"
    ]
}
References

Affected packages

Git / github.com/academysoftwarefoundation/openexr

Affected ranges

Type
GIT
Repo
https://github.com/academysoftwarefoundation/openexr
Events
Introduced
c7d3eac70ccde2c4ed484c6638b83ba872f71464
Fixed
027f33284f146d91bf983a58c8ea50c36154f339
Database specific 
{
    "versions": [
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/academysoftwarefoundation/openexr
Events
Introduced
20a65852895894434bea88613f6d29ac8e88bd6e
Fixed
042c83d28dc8ad754f970800a651509ca61a0570
Database specific 
{
    "versions": [
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.3"
        }
    ]
}

Affected versions

v3.*
v3.3.0
v3.3.0-rc2
v3.3.1
v3.3.1-rc
v3.3.2
v3.3.2-rc
v3.3.2-rc2
v3.3.2-rc3
v3.3.2-rc4
v3.3.3
v3.3.3-rc
v3.3.3-rc1
v3.3.4
v3.3.4-rc
v3.3.5
v3.3.5-rc
v3.3.5-rc3
v3.3.6-rc
v3.3.6-rc2
v3.3.6-rc3
v3.3.6-rc4
v3.4.0
v3.4.1
v3.4.1-rc
v3.4.1-rc2
v3.4.2
v3.4.2-rc
v3.4.2-rc2
v3.4.3-rc
v3.4.3-rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64181.json"

Git / github.com/openexr/openexr

Affected ranges

Type
GIT
Repo
https://github.com/openexr/openexr
Events
Introduced
c7d3eac70ccde2c4ed484c6638b83ba872f71464
Fixed
027f33284f146d91bf983a58c8ea50c36154f339
Introduced
20a65852895894434bea88613f6d29ac8e88bd6e
Fixed
042c83d28dc8ad754f970800a651509ca61a0570
Database specific 
{
    "versions": [
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.6"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.3"
        }
    ]
}

Affected versions

v3.*
v3.3.0
v3.3.0-rc2
v3.3.1
v3.3.1-rc
v3.3.2
v3.3.2-rc
v3.3.2-rc2
v3.3.2-rc3
v3.3.2-rc4
v3.3.3
v3.3.3-rc
v3.3.3-rc1
v3.3.4
v3.3.4-rc
v3.3.5
v3.3.5-rc
v3.3.5-rc3
v3.3.6-rc
v3.3.6-rc2
v3.3.6-rc3
v3.3.6-rc4
v3.4.0
v3.4.1
v3.4.1-rc
v3.4.1-rc2
v3.4.2
v3.4.2-rc
v3.4.2-rc2
v3.4.3-rc
v3.4.3-rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64181.json"