EUVD-2026-28298

🗓️ 07 May 2026 04:01:59Reported by EUVDType

OpenEXR IDManifest.init() may read beyond string bounds during prefix compression; patched in 3.2.9, 3.3.11, and 3.4.11.

Reporter	Title	Published	Views	Family All 36
FreeBSD	openexr -- multiple vulnerabilities	29 Apr 202600:00	–	freebsd
ATTACKERKB	CVE-2026-42216	7 May 202604:01	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1713)	26 May 202600:00	–	nessus
Tenable Nessus	FreeBSD : openexr -- multiple vulnerabilities (787cde46-4424-11f1-943f-05b19d100dca)	2 May 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-42216	7 May 202600:00	–	nessus
Amazon	Important: openexr	26 May 202600:00	–	amazon
AlpineLinux	CVE-2026-42216	7 May 202604:01	–	alpinelinux
Chainguard	CVE-2026-42216 vulnerabilities	16 May 202601:18	–	cgr
Circl	CVE-2026-42216	7 May 202606:22	–	circl
CNNVD	OpenEXR 缓冲区错误漏洞	7 May 202600:00	–	cnnvd

[
  {
    "enisaIdVendor": [
      {
        "id": "a5aef601-8895-3235-9328-86e2f0e57aaa",
        "vendor": {
          "name": "AcademySoftwareFoundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2e764205-47c9-3ee8-bd2d-14329c662226",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.4.0, < 3.4.11"
      },
      {
        "id": "6e3ab248-6e6e-3cbe-9238-7c2d3ffe6fe0",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.0.0, < 3.2.9"
      },
      {
        "id": "703a0ff2-257d-3a24-9f78-bd07297bfb7e",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.3.0, < 3.3.11"
      },
      {
        "id": "74443573-ec8f-3647-969e-6a336cab57ee",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.4.0, < 3.4.11"
      },
      {
        "id": "eb3f2d8c-7be1-36fe-a4c5-d09547e5716d",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.3.0, < 3.3.11"
      },
      {
        "id": "fb6a5574-3806-35e3-8b75-75e1ae5b1ca1",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.0.0, < 3.2.9"
      }
    ]
  }
]

Source	Link
github	www.github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-65j8-95g9-jgj4

07 May 2026 04:01Current

5.8Medium risk

Vulners AI Score5.8

CVSS 48.8

EPSS0.00064

SSVC