CVE-2025-64181

OpenEXR Makes Use of Uninitialized Memory

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

INFO

Published Date :

2025-11-10T21:23:04.248Z

Last Modified :

2025-11-12T21:05:26.971Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-64181 vulnerability.

Vendors	Products
Openexr	Openexr

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64181.

URL	Resource
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq
https://github.com/user-attachments/files/23024726/archive0.zip
https://github.com/user-attachments/files/23024736/archive1.zip
https://github.com/user-attachments/files/23024740/archive2.zip
https://github.com/user-attachments/files/23024744/archive3.zip
https://github.com/user-attachments/files/23024746/archive4.zip
https://nvd.nist.gov/vuln/detail/CVE-2025-64181
https://www.cve.org/CVERecord?id=CVE-2025-64181