Linux Distros Unpatched Vulnerability : CVE-2026-40244

🗓️ 22 Apr 2026 00:00:00Reported by TenableType

Linux host unpatched OpenEXR CVE-2026-40244 int overflow in internal_dwa_compressor.h:1722.

Reporter	Title	Published	Views	Family All 94
FreeBSD	OpenEXR -- several integer overflow vulnerabilities	17 Apr 202600:00	–	freebsd
FreeBSD	openexr -- multiple vulnerabilities	26 Mar 202600:00	–	freebsd
ATTACKERKB	CVE-2026-40250	21 Apr 202601:33	–	attackerkb
ATTACKERKB	CVE-2026-40244	21 Apr 202601:30	–	attackerkb
AlpineLinux	CVE-2026-34589	6 Apr 202615:33	–	alpinelinux
AlpineLinux	CVE-2026-40244	21 Apr 202601:30	–	alpinelinux
Circl	CVE-2026-34589	5 Apr 202602:01	–	circl
Circl	CVE-2026-40244	18 Apr 202600:01	–	circl
CNNVD	OpenEXR 缓冲区错误漏洞	6 Apr 202600:00	–	cnnvd
CNNVD	OpenEXR 输入验证错误漏洞	21 Apr 202600:00	–	cnnvd

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2026-40244
ubuntu	www.ubuntu.com/security/CVE-2026-40244
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(309734);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/01");

  script_cve_id("CVE-2026-40244");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-40244");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage
    format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0
    through 3.2.7, `internal_dwa_compressor.h:1722` performs `curc->width * curc->height` in `int32`
    arithmetic without a `(size_t)` cast. This is the same overflow pattern fixed in other locations by the
    recent CVE-2026-34589 batch, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix
    that addresses `internal_dwa_compressor.h:1722`. (CVE-2026-40244)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-40244");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2026-40244");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-40244");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:26.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openexr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openexr");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Debian Linux-13", "Host/OS/Debian Linux-14", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.10", "Host/OS/Ubuntu Linux-26.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "libopenexr-3-1-30"},
          {"reference": "libopenexr-dev"},
          {"reference": "libopenexr-doc"},
          {"reference": "openexr"}
        ]
      }
    ]
  },
  "Debian Linux-13": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "13",
        "pkgs": [
          {"reference": "libopenexr-3-1-30"},
          {"reference": "libopenexr-dev"},
          {"reference": "libopenexr-doc"},
          {"reference": "openexr"}
        ]
      }
    ]
  },
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "libopenexr-dev"},
          {"reference": "libopenexr25"},
          {"reference": "openexr"},
          {"reference": "openexr-doc"}
        ]
      }
    ]
  },
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "libopenexr-3-4-33"},
          {"reference": "libopenexr-dev"},
          {"reference": "libopenexr-doc"},
          {"reference": "openexr"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "libopenexr-dev"},
          {"reference": "libopenexr22"},
          {"reference": "openexr"},
          {"reference": "openexr-doc"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "libopenexr-dev"},
          {"reference": "libopenexr22"},
          {"reference": "openexr"},
          {"reference": "openexr-doc"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "openexr"}
        ]
      }
    ]
  },
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "openexr"}
        ]
      }
    ]
  },
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "openexr"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "openexr"}
        ]
      }
    ]
  },
  "Ubuntu Linux-26.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "26.04",
        "pkgs": [
          {"reference": "openexr"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

01 May 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.1

CVSS 48.4

EPSS0.00033

SSVC