PyPI: openexr
CVE-2025-64182
Safety vulnerability ID: SFTY-20260406-40737
Safety legacy ID: pyup.io-92077
Overview
OpenEXR has a buffer overflow in PyOpenEXR_old's channels() and channel()
Advisory
Affected versions of the OpenEXR package are vulnerable to a Buffer Overflow due to an integer overflow and unchecked allocation in the legacy Python adapter. The InputFile.channel() and InputFile.channels() methods in PyOpenEXR_old.cpp compute a buffer size as typeSize * width * height without bounds checking, and the return value of the subsequent allocation is never validated before use, leading to a heap overflow on 32-bit systems or a NULL pointer dereference on 64-bit systems. An attacker who supplies a crafted EXR file with an extremely large dataWindow can trigger a crash or potentially achieve arbitrary code execution.
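The defect described above is the classic unchecked size computation: width and height are derived from the file's dataWindow, multiplied by the per-sample size with no overflow check, and the allocation result is used without validation. The following added C example (not OpenEXR's code, and not the patched PyOpenEXR_old.cpp) contrasts a 32-bit model of that pattern with a hardened size computation that checks every multiplication, caps the pixel count, computes the dataWindow extent in 64-bit, and treats a NULL from malloc as an error. The names `window_extent`, `checked_buffer_size`, `alloc_channel` and the `MAX_PIXELS` cap are assumptions made for this example, and the sample windows are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed cap on pixels per channel this example is willing to decode (not an OpenEXR limit). */
#define MAX_PIXELS ((uint64_t)1 << 31)

/* Extent of one dataWindow axis, computed in 64-bit so crafted int32 extremes cannot wrap.
   EXR dataWindow coordinates are int32; (hi - lo + 1) overflows int32 for extreme values. */
static int64_t window_extent(int32_t lo, int32_t hi)
{
    if (hi < lo) return 0;                       /* empty or inverted window */
    return (int64_t)hi - (int64_t)lo + 1;
}

/* The unchecked pattern the advisory describes, modelled with a 32-bit size_t:
   typeSize * width * height wraps silently, so the buffer is far smaller than the decoder writes. */
static uint32_t unchecked_size32(uint32_t type_size, uint32_t width, uint32_t height)
{
    return type_size * width * height;           /* wraps modulo 2^32 */
}

/* Hardened replacement: every multiplication is checked before it is performed, the pixel
   count is capped, and the final byte count must fit in size_t on this platform.
   Returns 0 and stores the size in *out, or -1 if the request is invalid or would overflow. */
static int checked_buffer_size(uint32_t type_size, int64_t width, int64_t height, size_t *out)
{
    if (type_size == 0 || width <= 0 || height <= 0) return -1;
    uint64_t w = (uint64_t)width, h = (uint64_t)height;
    if (w > UINT64_MAX / h) return -1;              /* w * h would overflow */
    uint64_t pixels = w * h;
    if (pixels > MAX_PIXELS) return -1;             /* policy cap: refuse absurd windows */
    if (pixels > UINT64_MAX / type_size) return -1; /* pixels * type_size would overflow */
    uint64_t bytes = pixels * type_size;
    if (bytes > (uint64_t)SIZE_MAX) return -1;      /* not representable on a 32-bit size_t */
    *out = (size_t)bytes;
    return 0;
}

/* Allocates a channel buffer only after the size is validated, and never uses an unchecked
   allocation result. Returns NULL on any failure; *out_len is set only on success. */
static unsigned char *alloc_channel(uint32_t type_size, int32_t xmin, int32_t xmax,
                                    int32_t ymin, int32_t ymax, size_t *out_len)
{
    size_t n;
    if (checked_buffer_size(type_size, window_extent(xmin, xmax),
                            window_extent(ymin, ymax), &n) != 0)
        return NULL;
    unsigned char *buf = malloc(n);
    if (buf == NULL) return NULL;                   /* allocation failure is an error, not a pointer to write through */
    *out_len = n;
    return buf;
}

int main(void)
{
    /* Constructed samples: a 1920x1080 window of 32-bit floats, then a crafted extreme window. */
    size_t n = 0;
    unsigned char *ok = alloc_channel(4, 0, 1919, 0, 1079, &n);
    printf("sane window: %s, %zu bytes\n", ok ? "allocated" : "refused", n);
    free(ok);

    unsigned char *bad = alloc_channel(4, INT32_MIN, INT32_MAX, INT32_MIN, INT32_MAX, &n);
    printf("crafted window: %s\n", bad ? "allocated" : "refused");
    printf("unchecked 32-bit size for 4 * 65536 * 65536: %u bytes\n",
           unchecked_size32(4, 65536, 65536));
    return 0;
}
```

The 32-bit model makes the failure mode concrete: 4 * 65536 * 65536 is 2^34, which wraps to 0, so the legacy code would allocate a zero-length buffer and then write gigabytes into it. On a 64-bit build the same product does not wrap, but an allocation that large can fail, and without a NULL check the decoder writes through the null pointer. The hardened path refuses both cases before any allocation happens.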
References
- https://getsafety.com/vulnerabilities/SFTY-20260406-40737/CVE-2025-64182
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64182
- https://data.safetycli.com/changelogs/openexr/
- https://github.com/advisories/GHSA-vh63-9mqx-wmjr
- https://pypi.org/project/openexr
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vh63-9mqx-wmjr
- https://nvd.nist.gov/vuln/detail/CVE-2025-64182
- https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L528-L536
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
