CVE-2025-48071
Published: 31 July 2025
Summary
CVE-2025-48071 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in OpenEXR. Its CVSS base score is 8.4 (High).
Operationally, it ranks at the 29.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23304
Vulnerability details
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.