Search
Search is not available in local development.
Run npx pagefind --site __site after building to enable it.
JLSEC-2026-644 CVSS_V4

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run...

JLSEC Published
Modified
Severity
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Affected Packages
FFMPEG_jll >= 7.1.1+0, < 8.0.0+0
FFplay_jll >= 7.1.1+0, < 8.1.2+0
Aliases / Upstream
CVE-2025-59731 GHSA-p7r5-qh99-qchm EUVD-2025-32181

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data.

We read rlerawsize from the input file at [0], we decompress and decode into the buffer td->rlerawdata of size rlerawsize at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rlerawsize / 2, which may exceed rlerawsize.

We recommend upgrading to version 8.0 or beyond.

References