2370 matches found

Snyk
added 2026/04/06 4:9 p.m. | 7 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the generic_unpack function when parsing EXR files containing a crafted negative value for dataWindow.min.x. An attacker can cause the process to terminate unexpectedly by supplying a specially crafted E...

7.1 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits: 1 | References: 2

vulnersOsv
added 2026/04/06 4:9 p.m. | 3 views

sfx (=0.1.0) potentially affected by CVE-2026-34379 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34379 Source advisory: SNYK:PYTHON-OPENEXR-15993246...

7.1 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits: 1

vulnersOsv
added 2026/04/06 4:9 p.m. | 6 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34379 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34379 Source advisory: SNYK:PYTHON-OPENEXR-15993246...

7.1 CVSS | 5.4 AI score | 0.00271 EPSS
Exploits: 1

Snyk
added 2026/04/06 4:9 p.m. | 4 views

Incorrect Type Conversion or Cast

Overview: Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the LossyDctDecoder_execute process when decoding DWA or DWAB-compressed files containing FLOAT-type channels. An attacker can cause undefined behavior, potentially leading to application crashes or...

7.1 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits: 1 | References: 2

Snyk
added 2026/04/06 4:9 p.m. | 3 views

Incorrect Type Conversion or Cast

Overview: OpenEXR is a set of Python bindings for the OpenEXR image file format. Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the LossyDctDecoder_execute process when decoding DWA or DWAB-compressed files containing FLOAT-type channels. An attacker can cause...

7.1 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits: 1 | References: 2

Snyk
added 2026/04/06 4:9 p.m. | 3 views

Integer Overflow or Wraparound

Overview: OpenEXR is a set of Python bindings for the OpenEXR image file format. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the undo_pxr24_impl function. An attacker can cause memory corruption and potentially execute arbitrary code by providing a specially crafted...

6 CVSS | 6.1 AI score | 0.00255 EPSS
Exploits: 1 | References: 2

vulnersOsv
added 2026/04/06 4:9 p.m. | 4 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34380 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34380 Source advisory: SNYK:PYTHON-OPENEXR-15993236...

5.9 CVSS | 5.4 AI score | 0.00255 EPSS
Exploits: 1

vulnersOsv
added 2026/04/06 4:9 p.m. | 4 views

sfx (=0.1.0) potentially affected by CVE-2026-34380 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34380 Source advisory: SNYK:PYTHON-OPENEXR-15993236...

5.9 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits: 1

Snyk
added 2026/04/06 4:9 p.m. | 3 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the undo_pxr24_impl function. An attacker can cause memory corruption and potentially execute arbitrary code by providing a specially crafted EXR file that triggers a signed integer overflow, leading to a...

6 CVSS | 6.1 AI score | 0.00255 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/06 3:33 p.m. | 2 views

CVE-2026-34589 OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.4 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits: 1 | References: 4

Cvelist
added 2026/04/06 3:33 p.m. | 25 views

CVE-2026-34589 OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.4 CVSS | 0.00287 EPSS
Exploits: 1 | References: 4

CVE
added 2026/04/06 3:33 p.m. | 62 views

CVE-2026-34589

OpenEXR vulnerability CVE-2026-34589 involves an integer overflow in the DWA lossy decoder. From 3.2.0 to before 3.2.7, 3.3.0 to before 3.3.9, and 3.4.0 to before 3.4.9, the decoder computes per-component block pointers with signed 32-bit arithmetic, which can overflow for large widths and cause ...

8.8 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Debian CVE
added 2026/04/06 3:33 p.m. | 4 views

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.8 CVSS | 5.3 AI score | 0.00287 EPSS
Exploits: 1

AlpineLinux
added 2026/04/06 3:33 p.m. | 3 views

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.8 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits: 1

Vulnrichment
added 2026/04/06 3:31 p.m. | 3 views

CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits: 1 | References: 4

Cvelist
added 2026/04/06 3:31 p.m. | 28 views

CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6 CVSS | 0.00254 EPSS
Exploits: 1 | References: 4

CVE
added 2026/04/06 3:31 p.m. | 35 views

CVE-2026-34588

OpenEXR contains a local overflow in internal_exr_undo_piz() where nx, ny, and wcount are int, allowing an overflow and wrap that causes out-of-bounds reads/writes during wavelet decoding. This affects 3.1.0–3.2.6, 3.3.0–3.3.8, and 3.4.0–3.4.8 (per CVE-2026-34588) and is fixed in 3.2.7, 3.3.9, an...

8.8 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits: 1 | References: 20 | Affected Software: 1

Debian CVE
added 2026/04/06 3:31 p.m. | 3 views

CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.8 CVSS | 5.3 AI score | 0.00254 EPSS
Exploits: 1

AlpineLinux
added 2026/04/06 3:31 p.m. | 16 views

CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.8 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits: 1

Cvelist
added 2026/04/06 3:22 p.m. | 24 views

CVE-2026-34380 OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl in src/lib/OpenEXRCore/internal_pxr24.c at line 377. The...

5.9 CVSS | 0.00255 EPSS
Exploits: 1 | References: 4