CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2361 matches found

Linux Distros Unpatched Vulnerability : CVE-2026-44663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

6.5CVSS5.8AI score0.00262EPSS

Exploits1References3

Tenable Nessus•added 4 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-45696

8.3CVSS6AI score0.00271EPSS

Exploits0References3

RedhatCVE•added 5 days ago•5 views

CVE-2026-45696

A flaw was found in the OpenEXR image library. If an application opens a maliciously crafted EXR image file, it triggers a memory error. An attacker can use this to crash the application—causing a denial of service DoS—and potentially view sensitive information from the application's memory. Any...

8.3CVSS5.8AI score0.00271EPSS

Exploits0References5

RedhatCVE•added 5 days ago•7 views

CVE-2026-44663

A security flaw has been identified in OpenEXR, a widely used image format library, which may impact applications processing certain high-resolution image files. Mitigation To mitigate this issue, avoid processing untrusted HTJ2K-compressed EXR files. Restricting the handling of such files to...

6.1CVSS5.7AI score0.0017EPSS

Exploits0References5

AstraLinux•added 5 days ago•11 views

Astra Linux – Vulnerability in openexr

A flaw was discovered in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image file to have it processed by OpenEXR, resulting in a floating-point exception error. The greatest threat posed by this vulnerability is to system availabili...

7.1CVSS6.8AI score0.00912EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in ffmpeg5

When decoding an OpenEXR file that uses DWAA or DWAB compression, there is an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy operation will loop at positions 0 and 1, continuing to write until a multiple of 8 i...

8.7CVSS6.6AI score0.00153EPSS

Exploits0References2

AstraLinux•added 5 days ago•7 views

Astra Linux – Vulnerability in openexr

A flaw was discovered in the function dataWindowForTile of the IlmImf/ImfTiledMisc.cpp file. An attacker who can submit a crafted file for processing with OpenEXR could trigger an integer overflow, resulting in an out-of-bounds write operation on the heap. The most significant impact of this flaw...

6.1CVSS6.9AI score0.0079EPSS

Exploits0References2

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in openexr

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

5.5CVSS7.1AI score0.01772EPSS

Exploits1References2

OSV•added 6 days ago•6 views

DEBIAN-CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS6AI score0.00271EPSS

Exploits0References1

OSV•added 6 days ago•6 views

DEBIAN-CVE-2026-44663

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...

6.1CVSS5.8AI score0.0017EPSS

Exploits0References1

NVD•added 6 days ago•7 views

CVE-2026-44663

6.1CVSS0.0017EPSS

Exploits0References2

NVD•added 6 days ago•10 views

CVE-2026-45696

8.3CVSS0.00271EPSS

Exploits0References2

Cvelist•added 6 days ago•18 views

CVE-2026-45696 OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

8.3CVSS0.00271EPSS

Exploits0References2

CVE•added 6 days ago•18 views

CVE-2026-45696

CVE-2026-45696 affects OpenEXR 3.4.0–3.4.11, where the HTJ2K decoder’s ht_undo_impl() can perform a heap-buffer-overflow READ due to a width mismatch between the EXR codestream and the declared line width. The decoder copies 32-bit samples from cur_line->i32[] without validating the OpenJPH li...

8.3CVSS5.6AI score0.00271EPSS

Exploits0References2

Debian CVE•added 6 days ago•6 views

CVE-2026-45696

8.3CVSS6AI score0.00271EPSS

Exploits0

Cvelist•added 6 days ago•17 views

CVE-2026-44663 OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow

6.1CVSS0.0017EPSS

Exploits0References2

CVE•added 6 days ago•19 views

CVE-2026-44663

Technical summary (OpenEXR CVE-2026-44663): In OpenEXR 3.4.0–3.4.11, ht_undo_impl() in OpenEXRCore/internal_ht.cpp performs an integer overflow when computing bytes_per_element during HTJ2K decoding, causing a heap-buffer-overflow on large widths (e.g., >= 536,870,912 for FLOAT). The overflow ...

6.1CVSS5.2AI score0.0017EPSS

Exploits0References2

Debian CVE•added 6 days ago•5 views

CVE-2026-44663

6.1CVSS5.7AI score0.0017EPSS

Exploits0

OSV•added last week•6 views

ROOT-OS-DEBIAN-13-CVE-2026-42216 CVE-2026-42216 in rootio-openexr - Patched by Root

Root has patched CVE-2026-42216 in the rootio-openexr package for Root:Debian:13. Multiple fixed versions available...

9.1CVSS5.4AI score0.00374EPSS

Exploits1

OSV•added last week•5 views