CVE-2025-59732
- Source
- https://cve.org/CVERecord?id=CVE-2025-59732
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59732.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-59732
- Downstream
- Published
- 2025-10-06T08:09:31.276Z
- Modified
- 2026-05-01T04:30:02.287984Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Calculator
- Summary
- Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress
- Details
-
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8.
If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8.
The buffer td->uncompresseddata is allocated in decodeblock based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory.
We recommend upgrading to version 8.0 or beyond.
- Database specific
{ "cwe_ids": [ "CWE-787" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59732.json", "cna_assigner": "Google" }- References
Affected packages
Git / git.ffmpeg.org/ffmpeg.git
Affected ranges
- Type
- GIT
- Repo
- https://git.ffmpeg.org/ffmpeg.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
- Database specific
{ "extracted_events": [ { "introduced": "9a32b863074ed4140141e0d3613905c6f1fe61c5" }, { "fixed": "8.0" }, { "introduced": "7.1.1" }, { "fixed": "8.0" } ], "source": "AFFECTED_FIELD" }
Affected versions
Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev
n3.*
n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev
n4.*
n4.1-dev
n4.2-dev
n4.3-dev
n4.4-dev
n4.5-dev
n5.*
n5.1-dev
n5.2-dev
n6.*
n6.1-dev
n6.2-dev
n7.*
n7.1-dev
n7.2-dev