Skip to content

Backport fixes for CVE-2025-64181 etc. in OpenEXRCore #3903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Backport fixes for CVE-2025-64181 etc. in OpenEXRCore #3903

wants to merge 1 commit into from
+22 −6

Conversation

@musicinmybrain
Copy link
Contributor

@musicinmybrain musicinmybrain commented Dec 2, 2025

Description of Change(s)

This PR attempts to backport fixes for CVE-2025-64181 / GHSA-3h9h-qfvw-98hq and other issues from OpenEXR 3.4.3.

I have made a reasonable effort to backport these intelligently, but it’s not easy for me to test this PR properly other than confirming that it still compiles.

It might be even better to rebase the bundled and modified copy of OpenEXRCore (as described in #2619) on a later version, but that’s far beyond what I can reasonably offer in a PR.

Link to proposal (if applicable)

N/A

Fixes Issue(s)

Checklist

N/A, no new functionality

  • I have verified that all unit tests pass with the proposed changes

N/A; it is hard for me to run these locally

@jesschimein
Copy link
Collaborator

jesschimein commented Dec 2, 2025

Filed as internal issue #USD-11678

(This is an automated message. See here for more information.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@musicinmybrain @jesschimein