CVE-2025-59731

Name
CVE-2025-59731
Description
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.
NVD Severity
unknown

References

Type URI
cve-coordination@google.com https://b.corp.google.com/issues/436510153
cve-coordination@google.com https://issuetracker.google.com/436510153

Match rules

CPE URI Source package Min version Max version
ffmpeg >= 9a32b863074ed4140141e0d3613905c6f1fe61c5 < 8.0
ffmpeg >= 7.1.1 < 8.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ffmpeg edge-community 8.0-r0 Achill Gilgenast <achill@achill.org> fixed
ffmpeg edge-community 7.1.1-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
ffmpeg edge-community 7.1.1-r1 Achill Gilgenast <achill@achill.org> possibly vulnerable
ffmpeg edge-community 7.1.2-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable