Security update for openexr SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025-20056-1 Final 1 1 2025-11-19T09:45:59Z current 2025-11-19T09:45:59Z 2025-11-19T09:45:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openexr This update for openexr fixes the following issues: - CVE-2025-64181: Fixed use of uninitialized memory in function generic_unpack() (bsc#1253233) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-30 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1253233 SUSE Bug 1253233 https://www.suse.com/security/cve/CVE-2025-64181/ SUSE CVE CVE-2025-64181 page openSUSE Leap 16.0 libIex-3_2-31-3.2.2-160000.3.1 libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1 libIlmThread-3_2-31-3.2.2-160000.3.1 libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1 libOpenEXR-3_2-31-3.2.2-160000.3.1 libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1 libOpenEXRCore-3_2-31-3.2.2-160000.3.1 libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1 libOpenEXRUtil-3_2-31-3.2.2-160000.3.1 libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1 openexr-3.2.2-160000.3.1 openexr-devel-3.2.2-160000.3.1 openexr-doc-3.2.2-160000.3.1 libIex-3_2-31-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libIlmThread-3_2-31-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libOpenEXR-3_2-31-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libOpenEXRCore-3_2-31-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libOpenEXRUtil-3_2-31-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 openexr-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 openexr-devel-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 openexr-doc-3.2.2-160000.3.1 as a component of openSUSE Leap 16.0 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue. CVE-2025-64181 openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.3.1 openSUSE Leap 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1 openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.3.1 openSUSE Leap 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1 openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.3.1 openSUSE Leap 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1 openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.3.1 openSUSE Leap 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1 openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.3.1 openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1 openSUSE Leap 16.0:openexr-3.2.2-160000.3.1 openSUSE Leap 16.0:openexr-devel-3.2.2-160000.3.1 openSUSE Leap 16.0:openexr-doc-3.2.2-160000.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-64181.html CVE-2025-64181 https://bugzilla.suse.com/1253233 SUSE Bug 1253233