PT-2026-30662

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.1.0 through 3.2.6, versions prior to 3.3.9, and versions prior to 3.4.9 Description OpenEXR, an image storage format used in the motion picture industry, contains a flaw in the internal exr undo piz function. Specifically, t...

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.4.0 to 3.4.9 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary checks on the dataWindow property, which coul...

PT-2026-30657

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.8 Description A missing bounds check on the dataWindow attribute in EXR file headers can lead to a signed integer overflow in the generic unpack function. Setting dataWindow.min.x to a large negative value...

PT-2026-30663

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.2.0 through 3.2.6, 3.3.9, and 3.4.9 Description OpenEXR, an image storage format used in the motion picture industry, contains a flaw in the DWA lossy decoder. Specifically, the decoder uses signed 32-bit arithmetic to creat...

OpenEXR 缓冲区错误漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR prior to 3.2.0, 3.3.9, and 3.4.9 contained a buffer error vulnerability. This vulnerability stems from integer overflows, which could lead to bypassing...

OpenEXR 缓冲区错误漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR prior to 3.2.0, 3.3.9, and 3.4.9 contained a buffer error vulnerability. This vulnerability stems from a symbolic integer arithmetic overflow that could lead...

Linux Distros Unpatched Vulnerability : CVE-2026-34379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to...

Linux Distros Unpatched Vulnerability : CVE-2026-34588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to...

OpenEXR 缓冲区错误漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR prior to 3.1.0 and 3.2.7, as well as versions prior to 3.3.9 and 3.4.9, contain a buffer error vulnerability. This vulnerability stems from integer overflows...

Linux Distros Unpatched Vulnerability : CVE-2026-34589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to...

FreeBSD : openexr -- multiple vulnerabilities (adb096d4-2e72-11f1-acc1-339a1a6999b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the adb096d4-2e72-11f1-acc1-339a1a6999b0 advisory. Cary Phillips reports: OpenEXR 3.4.9 addresses the following CVEs: Tenable has extracted the...

Information Disclosure

openexr is vulnerable to an information disclosure. The vulnerability is due to improper handling of heap memory during image decoding, which allows an attacker to craft a malicious EXR file that leaks sensitive memory data when processed...

Out-of-bounds Write

OpenEXR is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds checking when decoding crafted B44 or B44A EXR files, which allows an attacker to trigger memory corruption or crash the application...

sfx (=0.1.0) potentially affected by CVE-2026-34543 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34543 Source advisory: OSV:GHSA-VC68-257W-M432...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the undopxr24impl function. An attacker can access sensitive heap memory contents by submitting a specially crafted EXR file that triggers the decoder to read uninitialized memory and include it in the...

EUVD-2026-18058

OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size undopxr24impl...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34543 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34543 Source advisory: OSV:GHSA-VC68-257W-M432...

OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)

Summary The PXR24 decompression function undopxr24impl in OpenEXR internalpxr24.c ignores the actual decompressed size outSize returned by exruncompressbuffer and instead reads from the scratch buffer based solely on the expected size uncompressedsize derived from the header metadata. Additionall...

GHSA-VC68-257W-M432 OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)

Summary The PXR24 decompression function undopxr24impl in OpenEXR internalpxr24.c ignores the actual decompressed size outSize returned by exruncompressbuffer and instead reads from the scratch buffer based solely on the expected size uncompressedsize derived from the header metadata. Additionall...

sfx (=0.1.0) potentially affected by CVE-2026-34544 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34544 Source advisory: OSV:GHSA-H762-RHV3-H25V...