3 matches found
CVE-2026-34589
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...
CVE-2026-34589
OpenEXR vulnerability CVE-2026-34589 involves an integer overflow in the DWA lossy decoder. From 3.2.0 to before 3.2.7, 3.3.0 to before 3.3.9, and 3.4.0 to before 3.4.9, the decoder computes per-component block pointers with signed 32-bit arithmetic, which can overflow for large widths and cause ...
CVE-2026-34589 OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...