CVE-2025-59732

HIGH

FFmpeg < 8.0 - Out-of-bounds Write in OpenEXR DWAA/DWAB Compression Decoder

Title source: llm

Description

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond.

References (1)

Core 1

Core References

Various Sources

https://issuetracker.google.com/436510316

Scores

CVSS v4 8.7

EPSS 0.0002

EPSS Percentile 5.6%

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

FFmpeg/FFmpeg 7.1.1 - 8.0

FFmpeg/FFmpeg 9a32b863074ed4140141e0d3613905c6f1fe61c5 - 8.0

Published Oct 06, 2025

Tracked Since Feb 18, 2026