CVE-2025-48073 MEDIUM

CVE-2025-48073: OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode

Vendor Academysoftwarefoundation
Product openexr
Weakness CWE-476
Published July 31, 2025
Last update July 31, 2025

CVSS base score

4.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.

Key dates

02Disclosure timeline

July 31, 2025 CVE published
July 31, 2025 Record updated

Related vulnerabilities

04Related CVE