CVE-2025-48073

Publication date 31 July 2025

Last updated 4 August 2025

Ubuntu priority

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openexr	25.10 questing	Not affected
	25.04 plucky	Ignored end of life, was needs-triage
	24.04 LTS noble	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-48073
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-qhpm-86v7-phmm
https://github.com/ShielderSec/poc/tree/main/CVE-2025-48073

CVE-2025-48073

Description

Status

References

Other references

Access our resources on patching vulnerabilities