CVE-2025-64183: OpenEXR has use after free in PyObject_StealAttrString
There is a use-after-free in PyObject_StealAttrString of PyOpenEXR_old.cpp (the legacy Python wrapper under src/wrappers/python).
This bug was found with ZeroPath.
References
- github.com/AcademySoftwareFoundation/openexr
- github.com/AcademySoftwareFoundation/openexr/blob/b3a19903db0672c63055023aa788e592b16ec3c5/src/wrappers/python/PyOpenEXR_old.cpp
- github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-57cw-j6vp-2p9m
- github.com/advisories/GHSA-57cw-j6vp-2p9m
- nvd.nist.gov/vuln/detail/CVE-2025-64183