CVE-2025-12840
DOCUMENTATION: A flaw was found in OpenEXR. This heap-based buffer overflow vulnerability occurs during EXR file parsing due to improper validation of user-supplied data length. A remote attacker could exploit this by tricking a user into visiting a malicious page or opening a malicious EXR file. Successful exploitation could lead to arbitrary code execution in the context of the current process.
STATEMENT: This vulnerability is rated Important for Red Hat products as it is a heap-based buffer overflow in OpenEXR that could lead to arbitrary code execution. Exploitation requires user interaction, specifically opening a malicious EXR file or visiting a malicious page. Red Hat products are affected if they process untrusted EXR files.
MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are advised to exercise caution when opening untrusted EXR files or visiting untrusted web pages.
References
https://access.redhat.com/security/cve/CVE-2025-12840
