Lucene search
K

Python Library OpenEXR 3.3.x < 3.3.7 / 3.4.x < 3.4.5 Heap Buffer Overflow (OOB Read)

🗓️ 06 Mar 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

OpenEXR Python library before 3.3.7 or 3.4.5 has a heap overflow in istream_nonparallel_read.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-26981
24 Feb 202602:26
attackerkb
AlpineLinux
CVE-2026-26981
24 Feb 202602:26
alpinelinux
Chainguard
CVE-2026-26981 vulnerabilities
26 Feb 202619:17
cgr
Circl
CVE-2026-26981
21 Feb 202621:21
circl
CNNVD
OpenEXR 安全漏洞
24 Feb 202600:00
cnnvd
CVE
CVE-2026-26981
24 Feb 202602:26
cve
Cvelist
CVE-2026-26981 OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
24 Feb 202602:26
cvelist
Debian CVE
CVE-2026-26981
24 Feb 202602:26
debiancve
EUVD
EUVD-2026-7407
6 Apr 202617:51
euvd
Fedora
[SECURITY] Fedora 42 Update: mingw-openexr-3.3.8-1.fc42
17 Mar 202602:12
fedora
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(301139);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");

  script_cve_id("CVE-2026-26981");
  script_xref(name:"IAVA", value:"2026-A-0206-S");

  script_name(english:"Python Library OpenEXR 3.3.x < 3.3.7 / 3.4.x < 3.4.5 Heap Buffer Overflow (OOB Read)");

  script_set_attribute(attribute:"synopsis", value:
"A Python library installed on the remote host is affected by a heap buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of the OpenEXR Python package installed on the remote host is 3.3.x prior to 3.3.7 or 3.4.x prior to
3.4.5. It is, therefore, affected by a heap buffer overflow vulnerability:

  - A heap-buffer-overflow (out-of-bounds read) occurs in the istream_nonparallel_read function in
    ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. A signed integer
    subtraction produces a negative value that is implicitly converted to size_t, resulting in a massive
    length being passed to memcpy. (CVE-2026-26981)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0a0a66ef");
  script_set_attribute(attribute:"solution", value:
"Upgrade to OpenEXR version 3.3.7, 3.4.5 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-26981");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/02/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"asset_categories", value:"component");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:academysoftwarefoundation:openexr");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("python_packages_installed_nix.nbin", "python_packages_win_installed.nbin");
  script_require_ports("Host/nix/Python/Packages/Enumerated", "Host/win/Python/Packages/Enumerated");

  exit(0);
}

include('python.inc');

var pkg = 'OpenEXR';

var libs = python::get_package_info(pkg_name:pkg, cpe:"cpe:/a:academysoftwarefoundation:openexr");

if (empty_or_null(libs))
  audit(AUDIT_NOT_INST, pkg);

vcf::check_all_backporting(app_info:libs);

var constraints = [
  { 'min_version' : '3.3.0' , 'fixed_version' : '3.3.7' },
  { 'min_version' : '3.4.0' , 'fixed_version' : '3.4.5' }
];

vcf::check_version_and_report(
  app_info:libs,
  constraints:constraints,
  severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

30 Apr 2026 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.16.5
EPSS0.00523
SSVC
2