libIex-3_3-32-3.3.5-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15415-1 Final 1 1 2025-08-06T00:00:00Z current 2025-08-06T00:00:00Z 2025-08-06T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libIex-3_3-32-3.3.5-1.1 on GA media These are all security issues fixed in the libIex-3_3-32-3.3.5-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15415 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-48071/ SUSE CVE CVE-2025-48071 page https://www.suse.com/security/cve/CVE-2025-48072/ SUSE CVE CVE-2025-48072 page https://www.suse.com/security/cve/CVE-2025-48073/ SUSE CVE CVE-2025-48073 page https://www.suse.com/security/cve/CVE-2025-48074/ SUSE CVE CVE-2025-48074 page openSUSE Tumbleweed libIex-3_3-32-3.3.5-1.1 libIex-3_3-32-32bit-3.3.5-1.1 libIex-3_3-32-x86-64-v3-3.3.5-1.1 libIlmThread-3_3-32-3.3.5-1.1 libIlmThread-3_3-32-32bit-3.3.5-1.1 libIlmThread-3_3-32-x86-64-v3-3.3.5-1.1 libOpenEXR-3_3-32-3.3.5-1.1 libOpenEXR-3_3-32-32bit-3.3.5-1.1 libOpenEXR-3_3-32-x86-64-v3-3.3.5-1.1 libOpenEXRCore-3_3-32-3.3.5-1.1 libOpenEXRCore-3_3-32-32bit-3.3.5-1.1 libOpenEXRCore-3_3-32-x86-64-v3-3.3.5-1.1 libOpenEXRUtil-3_3-32-3.3.5-1.1 libOpenEXRUtil-3_3-32-32bit-3.3.5-1.1 libOpenEXRUtil-3_3-32-x86-64-v3-3.3.5-1.1 openexr-3.3.5-1.1 openexr-devel-3.3.5-1.1 openexr-doc-3.3.5-1.1 libIex-3_3-32-3.3.5-1.1 as a component of openSUSE Tumbleweed libIex-3_3-32-32bit-3.3.5-1.1 as a component of openSUSE Tumbleweed libIex-3_3-32-x86-64-v3-3.3.5-1.1 as a component of openSUSE Tumbleweed libIlmThread-3_3-32-3.3.5-1.1 as a component of openSUSE Tumbleweed libIlmThread-3_3-32-32bit-3.3.5-1.1 as a component of openSUSE Tumbleweed libIlmThread-3_3-32-x86-64-v3-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXR-3_3-32-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXR-3_3-32-32bit-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXR-3_3-32-x86-64-v3-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXRCore-3_3-32-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXRCore-3_3-32-32bit-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXRCore-3_3-32-x86-64-v3-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXRUtil-3_3-32-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXRUtil-3_3-32-32bit-3.3.5-1.1 as a component of openSUSE Tumbleweed libOpenEXRUtil-3_3-32-x86-64-v3-3.3.5-1.1 as a component of openSUSE Tumbleweed openexr-3.3.5-1.1 as a component of openSUSE Tumbleweed openexr-devel-3.3.5-1.1 as a component of openSUSE Tumbleweed openexr-doc-3.3.5-1.1 as a component of openSUSE Tumbleweed OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3. CVE-2025-48071 openSUSE Tumbleweed:libIex-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libIex-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libIex-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:openexr-3.3.5-1.1 openSUSE Tumbleweed:openexr-devel-3.3.5-1.1 openSUSE Tumbleweed:openexr-doc-3.3.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-48071.html CVE-2025-48071 https://bugzilla.suse.com/1247552 SUSE Bug 1247552 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3. CVE-2025-48072 openSUSE Tumbleweed:libIex-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libIex-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libIex-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:openexr-3.3.5-1.1 openSUSE Tumbleweed:openexr-devel-3.3.5-1.1 openSUSE Tumbleweed:openexr-doc-3.3.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-48072.html CVE-2025-48072 https://bugzilla.suse.com/1247551 SUSE Bug 1247551 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3. CVE-2025-48073 openSUSE Tumbleweed:libIex-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libIex-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libIex-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:openexr-3.3.5-1.1 openSUSE Tumbleweed:openexr-devel-3.3.5-1.1 openSUSE Tumbleweed:openexr-doc-3.3.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-48073.html CVE-2025-48073 https://bugzilla.suse.com/1247550 SUSE Bug 1247550 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3. CVE-2025-48074 openSUSE Tumbleweed:libIex-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libIex-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libIex-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libIlmThread-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXR-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRCore-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-32bit-3.3.5-1.1 openSUSE Tumbleweed:libOpenEXRUtil-3_3-32-x86-64-v3-3.3.5-1.1 openSUSE Tumbleweed:openexr-3.3.5-1.1 openSUSE Tumbleweed:openexr-devel-3.3.5-1.1 openSUSE Tumbleweed:openexr-doc-3.3.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-48074.html CVE-2025-48074 https://bugzilla.suse.com/1247504 SUSE Bug 1247504