Lucene search
+L

5 matches found

osv
osv
added 2026/04/17 3:19 p.m.8 views

JLSEC-2026-142

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5CVSS5.8AI score0.00262EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/04/06 3:33 p.m.2 views

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.8CVSS5.8AI score0.00419EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/04/06 3:31 p.m.3 views

CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6CVSS7.1AI score0.00482EPSS
Exploits1References22
attackerkb
attackerkb
added 2026/04/06 3:21 p.m.4 views

CVE-2026-34379

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS5.9AI score0.00283EPSS
Exploits1References5Affected Software1
debiancve
debiancve
added 2026/04/06 3:19 p.m.4 views

CVE-2026-34378

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5CVSS5.4AI score0.00262EPSS
Exploits1
Rows per page
Query Builder