Home

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp. The legacy adapter defines PyObject_StealAttrString that calls PyObject_GetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then pass this dangling pointer to APIs like PyLong_AsLong/PyFloat_AsDouble, resulting in a use-after-free. This is invoked in multiple places (e.g., reading PixelType.v, Box2i, V2f, etc.) Versions 3.2.5, 3.3.6, and 3.4.3 fix the issue.

PUBLISHED Reserved 2025-10-28 | Published 2025-11-10 | Updated 2025-11-14 | Assigner GitHub_M




MEDIUM: 5.5CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-416: Use After Free

Product status

>= 3.2.0, < 3.2.5
affected

>= 3.3.0, < 3.3.6
affected

>= 3.4.0, < 3.4.3
affected

References

github.com/...penexr/security/advisories/GHSA-57cw-j6vp-2p9m exploit

github.com/...penexr/security/advisories/GHSA-57cw-j6vp-2p9m

github.com/...b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp

cve.org (CVE-2025-64183)

nvd.nist.gov (CVE-2025-64183)

Download JSON