PyPI: openexr
CVE-2025-64183
Safety vulnerability ID: SFTY-20260406-66229
Safety legacy ID: pyup.io-92078
Overview
OpenEXR has use after free in PyObject_StealAttrString
Advisory
Affected versions of the OpenEXR package are vulnerable to a Use After Free due to improper reference counting in the legacy Python adapter. The PyObject_StealAttrString helper function in PyOpenEXR_old.cpp obtains a new reference via PyObject_GetAttrString, immediately decrements the reference count, and returns the now-dangling pointer, which callers then pass to APIs such as PyLong_AsLong and PyFloat_AsDouble. An attacker who supplies a crafted Python object as a parameter to methods like InputFile.channel() can trigger a segmentation fault or potentially achieve arbitrary code execution through heap manipulation.
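As an added illustration that is not OpenEXR's code, the ownership error in the helper beside the corrected order of operations, written against a constructed plain-C model of CPython reference counting: getattr_new, decref and as_long are stand-ins for PyObject_GetAttrString, Py_DECREF and PyLong_AsLong, and the model marks a released object instead of freeing it so the stale read can be observed.

```c
#include <stdlib.h>
/* Constructed stand-in for a reference-counted object (a model, not CPython's
   PyObject); 'freed' records a release so a stale read can be observed safely. */
typedef struct { int refcount; long value; int freed; } Obj;

/* Models PyObject_GetAttrString: the caller receives the only reference. */
static Obj *getattr_new(long attr_value) {
    Obj *o = calloc(1, sizeof *o);
    o->refcount = 1;
    o->value = attr_value;
    return o;
}

/* Models Py_DECREF: at zero the object is released. The model marks it and
   poisons the payload instead of calling free(), so the later read is visible. */
static void decref(Obj *o) {
    if (--o->refcount == 0) { o->freed = 1; o->value = -1; }
}

/* Models PyLong_AsLong; reports whether it read through a released object. */
static long as_long(const Obj *o, int *used_after_free) {
    *used_after_free = o->freed;
    return o->value;
}

/* The defective helper described in the advisory: take a new reference, drop
   it immediately, and return the now-dangling pointer. */
static Obj *steal_attr(long attr_value) {
    Obj *o = getattr_new(attr_value);
    decref(o);                  /* refcount reaches 0: released here */
    return o;                   /* dangling */
}

/* Caller of the defective helper: the conversion reads released memory. */
static long read_attr_vulnerable(long attr_value, int *used_after_free) {
    Obj *o = steal_attr(attr_value);
    long v = as_long(o, used_after_free);
    free(o);                    /* model cleanup only */
    return v;
}

/* Corrected ownership: hold the new reference until the last use, then drop it. */
static long read_attr_fixed(long attr_value, int *used_after_free) {
    Obj *o = getattr_new(attr_value);
    long v = as_long(o, used_after_free);
    decref(o);                  /* release only after the value is consumed */
    free(o);                    /* model cleanup only */
    return v;
}
```

The same discipline applies to the real API: a pointer returned by PyObject_GetAttrString stays valid only while the caller holds that reference, so Py_DECREF belongs after PyLong_AsLong or PyFloat_AsDouble, not inside a helper that returns the pointer.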
References
- https://getsafety.com/vulnerabilities/SFTY-20260406-66229/CVE-2025-64183
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64183
- https://data.safetycli.com/changelogs/openexr/
- https://github.com/advisories/GHSA-57cw-j6vp-2p9m
- https://pypi.org/project/openexr
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m
- https://nvd.nist.gov/vuln/detail/CVE-2025-64183
- https://github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp#L109-L115
Verified by Safety