rootio-openexr: Unauthenticated Data Exposure in Image Files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-openexr: Unauthenticated Data Exposure in Image Files

ROOT-OS-DEBIAN-11-CVE-2025-12839

Summary

The rootio-openexr package, used to read and write image files, has a vulnerability that allows attackers to access sensitive data without a password. This means that if an attacker can manipulate image files, they might be able to view or steal sensitive information. Update your system to the latest version of rootio-openexr to fix this issue.

What to do

Update rootio-openexr to version 2.5.4-2+deb11u1.root.io.9.

Affected software

Vendor	Product	Affected versions	Fix available
–	rootio-openexr	<= 2.5.4-2+deb11u1.root.io.9	2.5.4-2+deb11u1.root.io.9

Original title

CVE-2025-12839 in rootio-openexr - Patched by Root

Original description

Root has patched CVE-2025-12839 in the rootio-openexr package for Root:Debian:11. Multiple fixed versions available.

Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026