CVE-2025-48071
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
| Software | From | Fixed in |
|---|---|---|
OpenEXR
|
3.3.0 | 3.3.3 |
| openexr / openexr | 3.3.0 | 3.3.3 |
- https://github.com/AcademySoftwareFoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876f
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375
- https://github.com/ShielderSec/poc/tree/main/CVE-2025-48071
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime