Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Linux Distros Unpatched Vulnerability : CVE-2026-44663

🗓️ 20 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 2 Views

Linux OpenEXR 3.4.0–3.4.11 has a heap overflow in ht_undo_impl during HTJ2K EXR decoding; fixed in 3.4.12.

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD		openexr -- multiple vulnerabilities
26 Mar 202600:00
freebsd
FreeBSD		OpenEXR -- 3.4.12 fixes multiple vulnerabilities
25 May 202600:00
freebsd
ATTACKERKB		CVE-2026-44663
18 Jun 202620:20
attackerkb
Tenable Nessus		Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1612)
30 Apr 202600:00
nessus
Tenable Nessus		Fedora 44 : usd (2026-502486fc61)
27 Apr 202600:00
nessus
Tenable Nessus		Fedora 45 : usd (2026-c0f8cde7ad)
8 Apr 202600:00
nessus
Tenable Nessus		Fedora 43 : usd (2026-cde75a1416)
17 Apr 202600:00
nessus
Tenable Nessus		FreeBSD : openexr -- multiple vulnerabilities (adb096d4-2e72-11f1-acc1-339a1a6999b0)
5 Apr 202600:00
nessus
Tenable Nessus		FreeBSD : OpenEXR -- 3.4.12 fixes multiple vulnerabilities (ca91c020-5820-11f1-b38d-9be2e6022e28)
28 May 202600:00
nessus
Tenable Nessus		Python Library OpenEXR 3.4.x < 3.4.12 Multiple Vulnerabilities
17 Jun 202600:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(321778);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/21");

  script_cve_id("CVE-2026-44663");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-44663");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the
    motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in
    src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted
    HTJ2K-compressed EXR file. decode->channels[i].width (int32_t) is multiplied by bytes_per_element in
    32-bit signed arithmetic. With large widths (e.g., >= 536870912 for FLOAT data), this overflows, producing
    a corrupted offset that is later used for pointer arithmetic and can cause a heap out-of-bounds write. The
    same unchecked multiplication pattern appears in two other HTJ2K paths (bytes-per-line accumulation and
    pixel-line pointer advancement). As with related CVE-2026-34378 through CVE-2026-34589 fixes in other
    codecs, validating only after the multiplication is too late because the value may already be overflowed.
    This issue has been fixed in version 3.4.12. (CVE-2026-44663)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2026-44663");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-44663");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-44663");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:OpenEXR");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:OpenEXR-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:OpenEXR-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openexr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openexr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openexr-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openexr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:OpenEXR");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:OpenEXR-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:OpenEXR-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openexr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openexr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openexr-libs");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/CentOS Linux-8", "Host/OS/Debian Linux-14", "Host/OS/Red Hat Enterprise Linux-10", "Host/OS/Red Hat Enterprise Linux-8", "Host/OS/Red Hat Enterprise Linux-9");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")) && empty_or_null(get_one_kb_item("Host/Debian/dpkg-l")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "libopenexr-3-4-33"},
          {"reference": "libopenexr-dev"},
          {"reference": "libopenexr-doc"},
          {"reference": "openexr"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-10": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "10",
        "pkgs": [
          {"reference": "openexr"},
          {"reference": "openexr-devel"},
          {"reference": "openexr-libs"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-9": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "9",
        "pkgs": [
          {"reference": "openexr"},
          {"reference": "openexr-devel"},
          {"reference": "openexr-libs"}
        ]
      }
    ]
  },
  "CentOS Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "OpenEXR"},
          {"reference": "OpenEXR-devel"},
          {"reference": "OpenEXR-libs"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "OpenEXR"},
          {"reference": "OpenEXR-devel"},
          {"reference": "OpenEXR-libs"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jun 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.16.5
EPSS0.00253
SSVC
openexr vulnerabilityheap overflowexr decodinghtj2k decodingsoftware patch
2