CVE-2025-59732

Name

CVE-2025-59732

Description

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve-coordination@google.com	https://b.corp.google.com/issues/436510316
cve-coordination@google.com	https://issuetracker.google.com/436510316

CPE URI	Source package	Min version	Max version
	ffmpeg	>= 9a32b863074ed4140141e0d3613905c6f1fe61c5	< 8.0
	ffmpeg	>= 7.1.1	< 8.0

Source package	Branch	Version	Maintainer	Status
ffmpeg	edge-community	8.0-r0	Achill Gilgenast <achill@achill.org>	fixed
ffmpeg	edge-community	7.1.1-r0	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	7.1.1-r1	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	7.1.2-r0	Achill Gilgenast <achill@achill.org>	possibly vulnerable

References

Match rules

Vulnerable and fixed packages