EUVD-2026-24046

🗓️ 21 Apr 2026 01:30:55Reported by EUVDType

OpenEXR int32 overflow multiplying width by height at internal_dwa_compressor.h:1722; affected 3.2.x–3.4.x; fixed in 3.2.8, 3.3.10, 3.4.10.

Reporter	Title	Published	Views	Family All 93
FreeBSD	OpenEXR -- several integer overflow vulnerabilities	17 Apr 202600:00	–	freebsd
FreeBSD	openexr -- multiple vulnerabilities	26 Mar 202600:00	–	freebsd
ATTACKERKB	CVE-2026-40250	21 Apr 202601:33	–	attackerkb
ATTACKERKB	CVE-2026-40244	21 Apr 202601:30	–	attackerkb
AlpineLinux	CVE-2026-34589	6 Apr 202615:33	–	alpinelinux
AlpineLinux	CVE-2026-40244	21 Apr 202601:30	–	alpinelinux
AlpineLinux	CVE-2026-40250	21 Apr 202601:33	–	alpinelinux
Circl	CVE-2026-34589	5 Apr 202602:01	–	circl
Circl	CVE-2026-40244	18 Apr 202600:01	–	circl
CNNVD	OpenEXR 缓冲区错误漏洞	6 Apr 202600:00	–	cnnvd

[
  {
    "enisaIdVendor": [
      {
        "id": "c21f4127-9c67-3835-a9b2-56534bff0de4",
        "vendor": {
          "name": "AcademySoftwareFoundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "627d4fc5-6ce8-3737-93f2-07fd111e0ecc",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.4.0, < 3.4.10"
      },
      {
        "id": "8ab25a63-e9a7-3d67-a50f-d32bc0f5c486",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.4.0, < 3.4.10"
      },
      {
        "id": "daba9ba4-9f08-3693-8f47-9c51575060ac",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.3.0, < 3.3.10"
      },
      {
        "id": "f39bedc8-a504-3de8-9567-1c9bf54f98c0",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.2.0, < 3.2.8"
      },
      {
        "id": "f4c1efca-0f51-3114-b4e3-ff1b46021aaf",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.2.0, < 3.2.8"
      },
      {
        "id": "f67c8b3c-ef44-3ff8-afad-c5dea81ed2bf",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.3.0, < 3.3.10"
      }
    ]
  }
]

Source	Link
github	www.github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-j526-66f6-fxhx
github	www.github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8
github	www.github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10
github	www.github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10

21 Apr 2026 01:30Current

5.8Medium risk

Vulners AI Score5.8

CVSS 48.4

CVSS 3.15

EPSS0.00033

SSVC