
CVE-2025-64183: CWE-416: Use After Free in AcademySoftwareFoundation openexr

Medium
Published: Mon Nov 10 2025 (11/10/2025, 21:29:54 UTC)
Source: CVE Database V5
Vendor/Project: AcademySoftwareFoundation
Product: openexr

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp. The legacy adapter defines PyObject_StealAttrString that calls PyObject_GetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then pass this dangling pointer to APIs like PyLong_AsLong/PyFloat_AsDouble, resulting in a use-after-free. This is invoked in multiple places (e.g., reading PixelType.v, Box2i, V2f, etc.). Versions 3.2.5, 3.3.6, and 3.4.3 fix the issue.

AI-Powered Analysis

AI analysis last updated: 11/10/2025, 21:50:04 UTC

Technical Analysis

CVE-2025-64183 affects the openexr library maintained by the AcademySoftwareFoundation, which implements the EXR image format widely used in the motion picture industry. The issue lies in the legacy Python adapter (pyOpenEXR_old.cpp), in the helper PyObject_StealAttrString. This function calls PyObject_GetAttrString, which returns a new (owned) reference, immediately decrements that reference count, and returns the pointer. Once the count reaches zero the object is released, so the caller holds a dangling pointer; passing it to Python C API functions such as PyLong_AsLong or PyFloat_AsDouble then reads freed memory, a use-after-free. The helper is used wherever the adapter reads attribute values such as PixelType.v, Box2i, and V2f, which are common in image processing workflows. The affected versions are 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2. The flaw can lead to memory corruption, application crashes, or potentially arbitrary code execution if an attacker can supply malicious EXR files or manipulate the processing environment. The CVSS 4.0 score is 5.5 (medium severity), reflecting a local attack vector with no privileges or user interaction required but with high impact on availability. The vulnerability was published on November 10, 2025, and fixed in versions 3.2.5, 3.3.6, and 3.4.3. No known exploits have been reported in the wild to date.
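The ownership bug described in the Description and the analysis above, shown as an added illustration that is not code from the OpenEXR project or the advisory. It uses a small constructed stand-in for CPython reference counting: the names get_attr_new, decref, as_long and steal_attr are hypothetical and mirror PyObject_GetAttrString, Py_DECREF, PyLong_AsLong and PyObject_StealAttrString; the fixed variant keeps the reference alive across its use and releases it afterwards.

```c
/* Minimal model of CPython reference counting, constructed for this example
 * (not the CPython API). Objects live in a static pool so a reclaimed object
 * can still be inspected: a decref to zero marks it freed and poisons it. */
typedef struct { int refcnt; int freed; long value; } Obj;
static Obj pool[8];
static int pool_used;
/* Stands in for PyObject_GetAttrString on a computed attribute (a property
 * boxing a C field into a fresh object): a NEW reference, and the only one. */
static Obj *get_attr_new(long value) {
    Obj *o = &pool[pool_used++ % 8];
    o->refcnt = 1; o->freed = 0; o->value = value;
    return o;
}
/* Stands in for Py_DECREF: the object is reclaimed when the count hits 0. */
static void decref(Obj *o) { if (--o->refcnt == 0) { o->freed = 1; o->value = -1; } }

/* Stands in for PyLong_AsLong. CPython would read reclaimed memory here;
 * the model records the use-after-free in *uaf and returns -1 instead. */
static long as_long(const Obj *o, int *uaf) {
    if (o->freed) { *uaf = 1; return -1; }
    return o->value;
}
/* The advisory's PyObject_StealAttrString pattern: take a new reference,
 * release it at once, hand the pointer back. */
static Obj *steal_attr(long value) {
    Obj *ref = get_attr_new(value);
    decref(ref);   /* last reference dropped: object reclaimed right here */
    return ref;    /* caller receives a dangling pointer */
}
/* Caller pattern from the advisory (steal, then PyLong_AsLong).
 * Returns 1 if the read hit a reclaimed object, 0 otherwise. */
int read_attr_vulnerable(long value, long *out) {
    int uaf = 0;
    long v = as_long(steal_attr(value), &uaf);
    if (out) *out = v;
    return uaf;
}

/* Corrected ownership: keep the new reference alive across its use, then
 * release it. Same contract as read_attr_vulnerable. */
int read_attr_fixed(long value, long *out) {
    int uaf = 0;
    Obj *ref = get_attr_new(value);
    long v = as_long(ref, &uaf);
    decref(ref);   /* release only after the last use of ref */
    if (out) *out = v;
    return uaf;
}
```

In the real binding the read of the released object is undefined behaviour rather than a reported flag, which is why AddressSanitizer builds (as recommended below) are the practical way to surface this pattern.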

Potential Impact

For European organizations, particularly those in the media, film production, visual effects, and animation sectors that rely on openexr for image processing, this vulnerability poses a risk of application crashes and potential arbitrary code execution. Exploitation could disrupt production pipelines, cause data corruption, or enable attackers to execute malicious code within the context of affected applications. Since openexr is widely used in professional imaging workflows, any compromise could lead to significant operational downtime and intellectual property risks. The local attack vector means that exploitation requires the ability to process or open crafted EXR files, which could be delivered via insider threats, compromised build systems, or malicious third-party content. The medium severity indicates moderate risk but should not be underestimated given the critical nature of media production environments in Europe.

Mitigation Recommendations

European organizations should immediately upgrade openexr to versions 3.2.5, 3.3.6, or 3.4.3 or later to remediate this vulnerability. Additionally, they should audit and restrict the sources of EXR files processed in their environments to trusted origins only, implementing file integrity checks and sandboxing of image processing workflows to limit the impact of potential exploitation. Employing runtime memory protection tools such as AddressSanitizer or similar can help detect use-after-free issues during development and testing. Monitoring application logs for crashes or unusual behavior related to EXR file handling is recommended. Organizations should also review their Python bindings usage and consider migrating away from legacy adapters if feasible. Finally, incorporating EXR file validation and scanning in the content ingestion pipeline can reduce the risk of malicious file processing.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-28T21:07:16.440Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69125dcc44f28dbfe98bf109

Added to database: 11/10/2025, 9:49:00 PM

Last enriched: 11/10/2025, 9:50:04 PM

Last updated: 11/11/2025, 2:56:39 AM

