EUVD-2026-19305

🗓️ 06 Apr 2026 15:21:06Reported by EUVDType

OpenEXR misaligned memory write in LossyDctDecoder during FLOAT conversion; fixed in 3.2.7.

Reporter	Title	Published	Views	Family All 51
FreeBSD	openexr -- multiple vulnerabilities	26 Mar 202600:00	–	freebsd
AlpineLinux	CVE-2026-34379	6 Apr 202615:21	–	alpinelinux
Circl	CVE-2026-34379	5 Apr 202602:01	–	circl
CNNVD	OpenEXR 安全漏洞	6 Apr 202600:00	–	cnnvd
CVE	CVE-2026-34379	6 Apr 202615:21	–	cve
Cvelist	CVE-2026-34379 OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)	6 Apr 202615:21	–	cvelist
Debian CVE	CVE-2026-34379	6 Apr 202615:21	–	debiancve
Fedora	[SECURITY] Fedora 44 Update: usd-26.03-3.fc44	25 Apr 202601:55	–	fedora
Fedora	[SECURITY] Fedora 42 Update: mingw-openexr-3.3.9-1.fc42	16 Apr 202601:09	–	fedora
Fedora	[SECURITY] Fedora 43 Update: mingw-openexr-3.3.9-1.fc43	16 Apr 202600:55	–	fedora

[
  {
    "enisaIdVendor": [
      {
        "id": "95325c50-3806-34c5-8510-e18ce9a5d683",
        "vendor": {
          "name": "AcademySoftwareFoundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "382bd2eb-c086-3ee9-811c-6ff3d9c0285a",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.4.0, < 3.4.9"
      },
      {
        "id": "516fd064-b33d-34e7-b567-f11ed242baa7",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.2.0, < 3.2.7"
      },
      {
        "id": "5721c95d-e3c0-371f-b0b2-59b8f6a4f3a0",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.3.0, < 3.3.9"
      }
    ]
  }
]

Source	Link
github	www.github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24

06 Apr 2026 15:21Current

6Medium risk

Vulners AI Score6

CVSS 3.17.1

EPSS0.00271

SSVC