{"id":"CVE-2025-59731","summary":"Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress","details":"When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data.\n\nWe read rle_raw_size from the input file at [0], we decompress and decode into the buffer td-\u003erle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td-\u003exsize - 1) * (td-\u003eysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size.\n\n\n\n\nWe recommend upgrading to version 8.0 or beyond.","modified":"2026-05-01T04:30:02.427266Z","published":"2025-10-06T08:09:23.410Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59731.json","cwe_ids":["CWE-787"],"cna_assigner":"Google"},"references":[{"type":"WEB","url":"https://issuetracker.google.com/436510153"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59731.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59731"},{"type":"PACKAGE","url":"https://git.ffmpeg.org/ffmpeg.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.ffmpeg.org/ffmpeg.git","events":[{"introduced":"0"},{"fixed":"140fd653aed8cad774f991ba083e2d01e86420c7"},{"introduced":"db69d06eeeab4f46da15030a80d539efb4503ca8"},{"fixed":"140fd653aed8cad774f991ba083e2d01e86420c7"}],"database_specific":{"extracted_events":[{"introduced":"9a32b863074ed4140141e0d3613905c6f1fe61c5"},{"fixed":"8.0"},{"introduced":"7.1.1"},{"fixed":"8.0"}],"source":"AFFECTED_FIELD"}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev","n3.5-dev","n4.1-dev","n4.2-dev","n4.3-dev","n4.4-dev","n4.5-dev","n5.1-dev","n5.2-dev","n6.1-dev","n6.2-dev","n7.1-dev","n7.2-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59731.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"}]}