EUVD-2026-28300

🗓️ 07 May 2026 04:04:54Reported by EUVDType

readVariableLengthInteger can cause undefined behavior from large shifts; fixed in 3.2.9 3.3.11 3.4.11.

Reporter	Title	Published	Views	Family All 37
FreeBSD	openexr -- multiple vulnerabilities	29 Apr 202600:00	–	freebsd
ATTACKERKB	CVE-2026-42217	7 May 202604:04	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1713)	26 May 202600:00	–	nessus
Tenable Nessus	FreeBSD : openexr -- multiple vulnerabilities (787cde46-4424-11f1-943f-05b19d100dca)	2 May 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-42217	7 May 202600:00	–	nessus
Amazon	Important: openexr	26 May 202600:00	–	amazon
AlpineLinux	CVE-2026-42217	7 May 202604:04	–	alpinelinux
Chainguard	CVE-2026-42217 vulnerabilities	16 May 202601:18	–	cgr
Circl	CVE-2026-42217	7 May 202606:27	–	circl
CNNVD	OpenEXR 输入验证错误漏洞	7 May 202600:00	–	cnnvd

[
  {
    "enisaIdVendor": [
      {
        "id": "1dba2beb-b523-3a59-9839-c55c4bc63060",
        "vendor": {
          "name": "AcademySoftwareFoundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "092c2b5a-a2d4-32ef-bf48-07d695c7d552",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.3.0, < 3.3.11"
      },
      {
        "id": "12e1edb7-739d-3c57-a405-8dd01d3b0d17",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.0.0, < 3.2.9"
      },
      {
        "id": "2cd700ae-c5b0-3d4b-b8d1-3083da303d48",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.0.0, < 3.2.9"
      },
      {
        "id": "580747d4-74a1-3c9f-a5ef-a7c0090e9254",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.4.0, < 3.4.11"
      },
      {
        "id": "95f95c80-4b1b-32d6-b5ed-1701918af305",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.4.0, < 3.4.11"
      },
      {
        "id": "e7624d78-a271-34a7-a3a3-10c90a17ddce",
        "product": {
          "name": "OpenEXR"
        },
        "product_version": "3.3.0, < 3.3.11"
      }
    ]
  }
]

Source	Link
github	www.github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3c67-4wwp-w52m
github	www.github.com/AcademySoftwareFoundation/openexr/pull/2378
github	www.github.com/AcademySoftwareFoundation/openexr/commit/21eaa33bcbbb0c83a5fc42f6b6d65b70a996e63c

07 May 2026 04:04Current

5.8Medium risk

Vulners AI Score5.8

CVSS 46.3

EPSS0.00057

SSVC