UBUNTU-CVE-2025-59732
- Source
- https://ubuntu.com/security/CVE-2025-59732
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-59732.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-59732
- Upstream
- Downstream
- Related
- Published
- 2025-10-06T08:15:00Z
- Modified
- 2026-02-04T04:36:52.866676Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompresseddata is allocated in decodeblock based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / libav
Package
- Name
- libav
- Purl
- pkg:deb/ubuntu/libav@6:9.20-0ubuntu0.14.04.1+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6:0.*
6:0.8.7-1ubuntu2
6:9.*
6:9.10-1ubuntu1
6:9.10-1ubuntu2
6:9.10-1ubuntu5
6:9.10-1ubuntu6
6:9.10-1ubuntu7
6:9.11-2ubuntu1
6:9.11-2ubuntu2
6:9.13-0ubuntu0.14.04.1
6:9.14-0ubuntu0.14.04.1
6:9.16-0ubuntu0.14.04.1
6:9.18-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libav-tools"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec-extra-54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavdevice-extra-53"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavdevice53"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavfilter-extra-3"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavfilter3"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavformat-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavformat-extra-54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavformat54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavresample-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavresample1"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavutil-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavutil-extra-52"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavutil52"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libswscale-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libswscale-extra-2"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libswscale2"
}
]
}
Ubuntu:Pro:22.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1+esm11?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:4.4.2-0ubuntu0.22.04.1+esm11
Affected versions
7:4.*
7:4.4-6ubuntu5
7:4.4.1-2ubuntu1
7:4.4.1-3ubuntu1
7:4.4.1-3ubuntu2
7:4.4.1-3ubuntu3
7:4.4.1-3ubuntu5
7:4.4.2-0ubuntu0.22.04.1
7:4.4.2-0ubuntu0.22.04.1+esm1
7:4.4.2-0ubuntu0.22.04.1+esm2
7:4.4.2-0ubuntu0.22.04.1+esm3
7:4.4.2-0ubuntu0.22.04.1+esm4
7:4.4.2-0ubuntu0.22.04.1+esm5
7:4.4.2-0ubuntu0.22.04.1+esm6
7:4.4.2-0ubuntu0.22.04.1+esm7
7:4.4.2-0ubuntu0.22.04.1+esm8
7:4.4.2-0ubuntu0.22.04.1+esm9
7:4.4.2-0ubuntu0.22.04.1+esm10
Ecosystem specific
{
"binaries": [
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavcodec-extra58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavcodec58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavdevice58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavfilter-extra7"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavfilter7"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavformat-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavformat-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavformat-extra58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavformat58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavutil-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavutil56"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libpostproc-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libpostproc55"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libswresample-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libswresample3"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libswscale-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libswscale5"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:Pro:24.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5+esm7?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:6.1.1-3ubuntu5+esm7
Affected versions
7:6.*
7:6.0-6ubuntu1
7:6.0-9ubuntu1
7:6.1-2ubuntu1
7:6.1-3ubuntu1
7:6.1-4ubuntu1
7:6.1-5ubuntu1
7:6.1.1-1ubuntu1
7:6.1.1-3ubuntu1
7:6.1.1-3ubuntu5
7:6.1.1-3ubuntu5+esm1
7:6.1.1-3ubuntu5+esm2
7:6.1.1-3ubuntu5+esm3
7:6.1.1-3ubuntu5+esm4
7:6.1.1-3ubuntu5+esm5
7:6.1.1-3ubuntu5+esm6
Ecosystem specific
{
"binaries": [
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavcodec-extra60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavcodec60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavdevice60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavfilter-extra9"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavfilter9"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavformat-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavformat-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavformat-extra60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavformat60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavutil-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavutil58"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libpostproc-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libpostproc57"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libswresample-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libswresample4"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libswscale-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libswscale7"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:25.10 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:7.1.1-1ubuntu4.2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:7.1.1-1ubuntu4.2
Affected versions
7:7.*
7:7.1.1-1ubuntu1
7:7.1.1-1ubuntu2
7:7.1.1-1ubuntu3
7:7.1.1-1ubuntu4
7:7.1.1-1ubuntu4.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavcodec-extra61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavcodec61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavdevice61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavfilter-extra10"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavfilter10"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavformat-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavformat-extra"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavformat-extra61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavformat61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavutil-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavutil59"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libpostproc-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libpostproc58"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libswresample-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libswresample5"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libswscale-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libswscale8"
}
],
"availability": "No subscription required"
}