Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-64183

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp. The legacy adapter defines PyObject_StealAttrString that calls PyObject_GetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then pass this dangling pointer to APIs like PyLong_AsLong/PyFloat_AsDouble, resulting in a use-after-free. This is invoked in multiple places (e.g., reading PixelType.v, Box2i, V2f, etc.) Versions 3.2.5, 3.3.6, and 3.4.3 fix the issue.

Published

2025-11-10T22:15:37.323

Last Modified

2025-12-08T16:00:58.283

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openexr	openexr	< 3.2.5	Yes
Application	openexr	openexr	< 3.3.6	Yes
Application	openexr	openexr	< 3.4.3	Yes

References

https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L109-L115 Product ([email protected])
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m Exploit, Vendor Advisory ([email protected])
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m Exploit, Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)