OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp

Summary A heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. A signed integer subtraction produces a negative value that is implicitly converted to sizet, resulting in a massive lengt...

GHSA-Q6VJ-WXVF-5M8C OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp

Summary A heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. A signed integer subtraction produces a negative value that is implicitly converted to sizet, resulting in a massive lengt...

EUVD-2025-50826

OpenEXR has use after free in PyObjectStealAttrString...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64183 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

sfx (=0.1.0) potentially affected by CVE-2025-64183 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2025-64183 Source advisory: OSV:GHSA-57CW-J6VP-2P9M...

OpenEXR has use after free in PyObject_StealAttrString

Summary There is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp. This bug was found with ZeroPath. Details The legacy adapter defines PyObjectStealAttrString that calls PyObjectGetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then...

GHSA-57CW-J6VP-2P9M OpenEXR has use after free in PyObject_StealAttrString

Summary There is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp. This bug was found with ZeroPath. Details The legacy adapter defines PyObjectStealAttrString that calls PyObjectGetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then...

sfx (=0.1.0) potentially affected by CVE-2025-64182 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2025-64182 Source advisory: OSV:GHSA-VH63-9MQX-WMJR...

EUVD-2025-50827

OpenEXR has buffer overflow in PyOpenEXRold's channels and channel...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64182 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()

Summary A memory safety bug in the legacy OpenEXR Python adapter the deprecated OpenEXR.InputFile wrapper allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel and...

GHSA-VH63-9MQX-WMJR OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()

Summary A memory safety bug in the legacy OpenEXR Python adapter the deprecated OpenEXR.InputFile wrapper allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects. Integer overflow and unchecked allocation in InputFile.channel and...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64181 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

EUVD-2025-50828

OpenEXR Makes Use of Uninitialized Memory...

OpenEXR Makes Use of Uninitialized Memory

Summary While fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on uninitialized data inside genericunpack. This indicates a use of uninitialized memory CWE-457. The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC. Details Environment: -...

GHSA-3H9H-QFVW-98HQ OpenEXR Makes Use of Uninitialized Memory

Summary While fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on uninitialized data inside genericunpack. This indicates a use of uninitialized memory CWE-457. The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC. Details Environment: -...

CVE-2026-34379

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. A remote attacker could exploit this vulnerability by providing a specially crafted DWA or DWAB-compressed EXR file containing a FLOAT-type channel. When the file is decoded, a misaligned memory write...

CVE-2026-34378

A flaw was found in OpenEXR, a widely used image storage format. A remote attacker could exploit a missing bounds check vulnerability by crafting a malicious EXR file. By manipulating a specific attribute in the file header, an attacker can trigger an integer overflow, causing the application to...

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

DEBIAN-CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...