{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64181", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-10-28T21:07:16.440Z", "datePublished": "2025-11-10T21:23:04.248Z", "dateUpdated": "2025-11-12T21:05:26.971Z"}, "containers": {"cna": {"title": "OpenEXR Makes Use of Uninitialized Memory", "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "lang": "en", "description": "CWE-457: Use of Uninitialized Variable", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq"}, {"name": "https://github.com/user-attachments/files/23024726/archive0.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024726/archive0.zip"}, {"name": "https://github.com/user-attachments/files/23024736/archive1.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024736/archive1.zip"}, {"name": "https://github.com/user-attachments/files/23024740/archive2.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024740/archive2.zip"}, {"name": "https://github.com/user-attachments/files/23024744/archive3.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024744/archive3.zip"}, {"name": "https://github.com/user-attachments/files/23024746/archive4.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024746/archive4.zip"}], "affected": [{"vendor": "AcademySoftwareFoundation", "product": "openexr", "versions": [{"version": ">= 3.3.0, < 3.3.6", "status": "affected"}, {"version": ">= 3.4.0, < 3.4.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-10T21:23:04.248Z"}, "descriptions": [{"lang": "en", "value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue."}], "source": {"advisory": "GHSA-3h9h-qfvw-98hq", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T17:36:24.461719Z", "id": "CVE-2025-64181", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T21:05:26.971Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64181", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-10-28T21:07:16.440Z", "datePublished": "2025-11-10T21:23:04.248Z", "dateUpdated": "2025-11-12T21:05:26.971Z"}, "containers": {"cna": {"title": "OpenEXR Makes Use of Uninitialized Memory", "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "lang": "en", "description": "CWE-457: Use of Uninitialized Variable", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq"}, {"name": "https://github.com/user-attachments/files/23024726/archive0.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024726/archive0.zip"}, {"name": "https://github.com/user-attachments/files/23024736/archive1.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024736/archive1.zip"}, {"name": "https://github.com/user-attachments/files/23024740/archive2.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024740/archive2.zip"}, {"name": "https://github.com/user-attachments/files/23024744/archive3.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024744/archive3.zip"}, {"name": "https://github.com/user-attachments/files/23024746/archive4.zip", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/files/23024746/archive4.zip"}], "affected": [{"vendor": "AcademySoftwareFoundation", "product": "openexr", "versions": [{"version": ">= 3.3.0, < 3.3.6", "status": "affected"}, {"version": ">= 3.4.0, < 3.4.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-10T21:23:04.248Z"}, "descriptions": [{"lang": "en", "value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue."}], "source": {"advisory": "GHSA-3h9h-qfvw-98hq", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64181", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-12T17:36:24.461719Z"}}}], "references": [{"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T17:36:26.701Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A83D8F0B-0D0A-403E-8D2E-2FB455041B8A", "versionEndExcluding": "3.3.6", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "matchCriteriaId": "78287128-E16E-431F-922F-1F0272327A0D", "versionEndExcluding": "3.4.3", "versionStartIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue."}, {"lang": "es", "value": "OpenEXR proporciona la especificaci\u00f3n y la implementaci\u00f3n de referencia del formato de archivo EXR, un formato de almacenamiento de im\u00e1genes para la industria cinematogr\u00e1fica. En las versiones 3.3.0 a 3.3.5 y 3.4.0 a 3.4.2, al realizar fuzzing en 'openexr_exrcheck_fuzzer', Valgrind informa una bifurcaci\u00f3n condicional que depende de datos no inicializados dentro de 'generic_unpack'. Esto indica un uso de memoria no inicializada. El problema puede resultar en un comportamiento indefinido y/o un posible crash/denegaci\u00f3n de servicio. Las versiones 3.3.6 y 3.4.3 solucionan el problema."}], "id": "CVE-2025-64181", "lastModified": "2025-12-08T15:59:58.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-11-10T22:15:36.933", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq"}, {"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/user-attachments/files/23024726/archive0.zip"}, {"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/user-attachments/files/23024736/archive1.zip"}, {"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/user-attachments/files/23024740/archive2.zip"}, {"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/user-attachments/files/23024744/archive3.zip"}, {"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/user-attachments/files/23024746/archive4.zip"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-457"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "openexr: Use of Uninitialized Memory inside generic_unpack", "id": "2413902", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413902"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-457", "details": ["OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.", "A vulnerability has been identified in the generic_unpack function of OpenEXR\u2019s file-handling library, where uninitialized memory is read when processing certain malformed EXR files. An attacker who supplies a specially crafted EXR file to a vulnerable application that uses OpenEXR may trigger undefined behavior. This may cause the application to crash, leak memory, or behave unpredictably when the file is opened or parsed."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-64181", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "openexr", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "openexr", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-10T21:23:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-64181\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-64181\nhttps://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq\nhttps://github.com/user-attachments/files/23024726/archive0.zip\nhttps://github.com/user-attachments/files/23024736/archive1.zip\nhttps://github.com/user-attachments/files/23024740/archive2.zip\nhttps://github.com/user-attachments/files/23024744/archive3.zip\nhttps://github.com/user-attachments/files/23024746/archive4.zip"], "statement": "This vulnerability affects all OpenEXR versions beginning with 3.1.0 (https://github.com/AcademySoftwareFoundation/openexr/commit/a04cbf5a48c7a8b6a6dd3b1e2471bde3cd4cb6df), when the new C-based EXR decoding backend was first introduced. Any release that includes this backend inherits the vulnerable generic_unpack implementation and is considered affected.\n~~~\nOpenEXR 1.x (as shipped in Red Hat Enterprise Linux 6 and 7) and OpenEXR 2.x (as shipped in Red Hat Enterprise Linux 8) predate the C-based decoding backend entirely, and therefore are not affected by this issue.\n~~~\n~~~\nAlso, OpenEXR and IlmBase are no longer bundled together. Starting with OpenEXR 3.x, IlmBase was split out into a separate project named Imath. Imath provides math and numerical types (such as half), while OpenEXR contains all EXR image decoding logic. Therefore, vulnerabilities in the EXR decoding backend apply only to OpenEXR \u22653.1.0, not to IlmBase/Imath.\n~~~", "threat_severity": "Low"}

{"created": "2025-11-12T12:48:15.150985+00:00", "updated": "2025-11-12T12:48:15.151035+00:00", "vendors": ["openexr", "openexr$PRODUCT$openexr"]}