PyPI: openexr
CVE-2025-48074
Safety vulnerability ID: SFTY-20250801-85386
Safety legacy ID: pyup.io-78657
Affected versions of the OpenEXR package are vulnerable to Denial of Service (DoS) due to excessive memory allocations. The `readScanline()` function in `ImfCheckFile.cpp` and the `EnvmapImage::resize()` function fail to validate the dataWindow coordinates from the EXR file header, leading to unbounded loops and huge memory allocations. The vulnerability was fixed by adding validation checks to prevent large allocations when dataWindow dimensions exceed reasonable limits.
Overview
OpenEXR Out-Of-Memory via Unbounded File Header Values
Advisory
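The kind of bounds check the fix adds, shown as an added example written for this page rather than OpenEXR's own code: the `DataWindow` struct, the `kMaxPixels` limit and both functions are assumptions standing in for the header's dataWindow box and a reader's allocation policy. The check rejects an inverted box, per-axis extents that overflow 32-bit arithmetic, and pixel totals beyond the cap, all before any row loop or allocation runs.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Constructed stand-in for the EXR header's dataWindow box: inclusive pixel
// bounds (xMin, yMin)..(xMax, yMax). Not OpenEXR's Imath::Box2i type.
struct DataWindow {
    int32_t xMin, yMin, xMax, yMax;
};

// Largest pixel count this reader will allocate for one image.
// The limit is an assumption for this example, not a value from OpenEXR.
constexpr uint64_t kMaxPixels = uint64_t{1} << 28;

// Returns the pixel count of the dataWindow, or 0 if the window must be
// rejected: inverted/empty box, an axis extent that overflows int32, or a
// total above maxPixels. All arithmetic is done in 64 bits so a hostile
// header (e.g. xMin = INT32_MIN, xMax = INT32_MAX) cannot wrap.
uint64_t checkedPixelCount(const DataWindow& dw, uint64_t maxPixels = kMaxPixels) {
    if (dw.xMax < dw.xMin || dw.yMax < dw.yMin) return 0;
    const int64_t width  = static_cast<int64_t>(dw.xMax) - dw.xMin + 1;
    const int64_t height = static_cast<int64_t>(dw.yMax) - dw.yMin + 1;
    if (width  > std::numeric_limits<int32_t>::max() ||
        height > std::numeric_limits<int32_t>::max()) return 0;
    const uint64_t w = static_cast<uint64_t>(width);
    const uint64_t h = static_cast<uint64_t>(height);
    // Overflow-safe test of w * h > maxPixels (h >= 1 is guaranteed above).
    if (w > maxPixels / h) return 0;
    return w * h;
}

// How a scanline reader would size its buffer: the check runs before any
// loop over rows or any allocation. bytesPerPixel comes from the channel
// list; a return of 0 means the file is rejected.
uint64_t checkedImageBytes(const DataWindow& dw, uint64_t bytesPerPixel) {
    const uint64_t pixels = checkedPixelCount(dw);
    if (pixels == 0 || bytesPerPixel == 0) return 0;
    if (pixels > std::numeric_limits<uint64_t>::max() / bytesPerPixel) return 0;
    return pixels * bytesPerPixel;
}

int main() {
    // Constructed headers: a normal 1920x1080 window and a hostile one.
    const DataWindow sane{0, 0, 1919, 1079};
    const DataWindow hostile{std::numeric_limits<int32_t>::min(), 0,
                             std::numeric_limits<int32_t>::max(), 0};
    std::printf("sane: %llu bytes\n", (unsigned long long) checkedImageBytes(sane, 8));
    std::printf("hostile: %llu bytes\n", (unsigned long long) checkedImageBytes(hostile, 8));
    return 0;
}
```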
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20250801-85386/CVE-2025-48074
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48074
- https://github.com/AcademySoftwareFoundation/openexr/commit/501be087faa62d0fb7115ce3a0ebd7b4ef0117fc
- https://github.com/advisories/GHSA-x22w-82jp-8rvf
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf
- https://github.com/ShielderSec/poc/tree/main/CVE-2025-48074
- https://nvd.nist.gov/vuln/detail/CVE-2025-48074
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
