High severity7.8NVD Advisory· Published Jul 31, 2025· Updated Jun 17, 2026
CVE-2025-48071
CVE-2025-48071
Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
OpenEXRPyPI | >= 3.3.0, < 3.3.3 | 3.3.3 |
Affected products
3- ghsa-coords2 versions
>= 3.3.0, < 3.3.3+ 1 more
- (no CPE)range: >= 3.3.0, < 3.3.3
- (no CPE)range: < 3.3.5-1.1
- AcademySoftwareFoundation/openexrv5Range: >= 3.3.0, < 3.3.3
Patches
Vulnerability mechanics
References
6- github.com/AcademySoftwareFoundation/openexr/commit/916cc729e24aa16b86d82813f6e136340ab2876fnvdPatchWEB
- github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375nvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-h45x-qhg2-q375ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-48071ghsaADVISORY
- github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.3nvdRelease NotesWEB
- github.com/ShielderSec/poc/tree/main/CVE-2025-48071ghsaWEB
News mentions
0No linked articles in our index yet.