Security update for openexr SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:21014-1 Final 1 1 2025-11-19T09:46:11Z current 2025-11-19T09:46:11Z 2025-11-19T09:46:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openexr This update for openexr fixes the following issues: - CVE-2025-64181: Fixed use of uninitialized memory in function generic_unpack() (bsc#1253233) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLES-16.0-30 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202521014-1/ Link for SUSE-SU-2025:21014-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023382.html E-Mail link for SUSE-SU-2025:21014-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1253233 SUSE Bug 1253233 https://www.suse.com/security/cve/CVE-2025-64181/ SUSE CVE CVE-2025-64181 page SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP Applications 16.0 libIex-3_2-31-3.2.2-160000.3.1 libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1 libIlmThread-3_2-31-3.2.2-160000.3.1 libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1 libOpenEXR-3_2-31-3.2.2-160000.3.1 libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1 libOpenEXRCore-3_2-31-3.2.2-160000.3.1 libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1 libOpenEXRUtil-3_2-31-3.2.2-160000.3.1 libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1 openexr-3.2.2-160000.3.1 openexr-doc-3.2.2-160000.3.1 libIex-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libIlmThread-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libOpenEXR-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libOpenEXRCore-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libOpenEXRUtil-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 openexr-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 openexr-doc-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 libIex-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libIlmThread-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libOpenEXR-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libOpenEXRCore-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libOpenEXRUtil-3_2-31-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 openexr-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 openexr-doc-3.2.2-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 16.0 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue. CVE-2025-64181 SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.3.1 SUSE Linux Enterprise Server 16.0:openexr-doc-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libIex-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libIlmThread-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:openexr-3.2.2-160000.3.1 SUSE Linux Enterprise Server for SAP Applications 16.0:openexr-doc-3.2.2-160000.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202521014-1/ https://www.suse.com/security/cve/CVE-2025-64181.html CVE-2025-64181 https://bugzilla.suse.com/1253233 SUSE Bug 1253233