8.7
CVE-2025-59732
- EPSS 0.02%
- Veröffentlicht 06.10.2025 08:09:31
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cve-coordination@google.com
- CVE-Watchlists
- Unerledigt
Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerFFmpeg
≫
Produkt
FFmpeg
Default Statusunaffected
Version
9a32b863074ed4140141e0d3613905c6f1fe61c5
Version <
8.0
Status
affected
Version
7.1.1
Version <
8.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.054 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve-coordination@google.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.