Bug 2413902 (CVE-2025-64181)

Summary: CVE-2025-64181 openexr: Use of Uninitialized Memory inside generic_unpack
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: gtanzill, jbuscemi
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A vulnerability has been identified in the generic_unpack function of OpenEXR’s file-handling library, where uninitialized memory is read when processing certain malformed EXR files. An attacker who supplies a specially crafted EXR file to a vulnerable application that uses OpenEXR may trigger undefined behavior. This may cause the application to crash, leak memory, or behave unpredictably when the file is opened or parsed.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2418250, 2418247, 2418248, 2418249, 2418251, 2418252    
Bug Blocks:    

Description OSIDB Bzimport 2025-11-10 22:01:34 UTC
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.