ГлавнаяУязвимости → CVE-2025-64181
7.5высокая

CVE-2025-64181

→ есть в БДУ: BDU:2026-03140 (на русском)
Описание (на английском; русское — в БДУ выше)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

Затрагиваемое ПО
Openexr Openexr
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hqhttps://github.com/user-attachments/files/23024726/archive0.ziphttps://github.com/user-attachments/files/23024736/archive1.ziphttps://github.com/user-attachments/files/23024740/archive2.ziphttps://github.com/user-attachments/files/23024744/archive3.ziphttps://github.com/user-attachments/files/23024746/archive4.ziphttps://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq