[CLSA-2026:1775211239] openexr: Fix of 4 CVEs
Type: security
Severity: Important
Release date: 2026-04-03 10:14:03 UTC
Description:
- CVE-2025-12495, CVE-2025-12839, CVE-2025-12840: fix heap buffer overflows in the C core decoding pipeline (missing nread validation in exr_read_chunk, missing packed/unpacked size check for uncompressed tiles, missing storage_mode guard in chunk offset computation)
- CVE-2025-64181: fix use of uninitialized memory caused by incompletely populated scratch buffers (addressed by the same precondition guards in chunk.c and parse_header.c)
Updated packages:
  • openexr-3.1.1-3.el9.tuxcare.els2.x86_64.rpm
    sha:379de33286a94aab5edb06afc39199d70e391dc09285f5975a0ff6de1433561e
  • openexr-devel-3.1.1-3.el9.tuxcare.els2.i686.rpm
    sha:d96b4a6425a4959908643b30e835ad1a140b69ee36441483ccb7ae2fe5aad1a8
  • openexr-devel-3.1.1-3.el9.tuxcare.els2.x86_64.rpm
    sha:a60d7bd40b66a1b8770bb627c16ee8591c4dfcc0ca6885b427a036974d0fe02e
  • openexr-libs-3.1.1-3.el9.tuxcare.els2.i686.rpm
    sha:7a9c4dc4f3535ee588ba646d67c7850c4b9220ea839a1c7b8061b6b27a18c507
  • openexr-libs-3.1.1-3.el9.tuxcare.els2.x86_64.rpm
    sha:37d0fff21417bf4c7ce24c49b36ad19a0e25ff2c82136caf4247699c5817930b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.