vulnerability

Alpine Linux: CVE-2025-48073: NULL Pointer Dereference

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:N/I:N/A:C)	Jul 31, 2025	Dec 5, 2025	Dec 5, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:N/A:C)

Published

Jul 31, 2025

Added

Dec 5, 2025

Modified

Dec 5, 2025

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.

Solution

alpine-linux-upgrade-openexr

References

CVE-2025-48073
https://attackerkb.com/topics/CVE-2025-48073
URL-https://security.alpinelinux.org/vuln/CVE-2025-48073
CWE-476

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today