vulnerability

Alpine Linux: CVE-2025-48072: Out-of-bounds Read

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:N/A:C)	Jul 31, 2025	Dec 5, 2025	Dec 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:C)

Published

Jul 31, 2025

Added

Dec 5, 2025

Modified

Dec 5, 2025

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.

Solution

alpine-linux-upgrade-openexr

References

CVE-2025-48072
https://attackerkb.com/topics/CVE-2025-48072
URL-https://security.alpinelinux.org/vuln/CVE-2025-48072
CWE-125

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today