angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34544 via openexr (>=3.4.12 <=3.4.4)
openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34544 Source advisory: OSV:GHSA-H762-RHV3-H25V...
EUVD-2026-18060
OpenEXR: integer overflow to OOB write in uncompress_b44_impl...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the uncompress_b44_impl file. An attacker can cause an out-of-bounds write by supplying a specially crafted B44 or B44A EXR file that triggers an integer overflow, resulting in memory corruption or application...
GHSA-H762-RHV3-H25V OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Summary The B44/B44A decoder in OpenEXR reconstructs row pointers into a scratch buffer using int. When the channel width nx is large enough, the product y * nx overflows int, causing the row pointer to wrap before the start of the scratch buffer. Subsequent memcpy calls then write decoded pixel...
OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Summary The B44/B44A decoder in OpenEXR reconstructs row pointers into a scratch buffer using int. When the channel width nx is large enough, the product y * nx overflows int, causing the row pointer to wrap before the start of the scratch buffer. Subsequent memcpy calls then write decoded pixel...
CLSA-2026-1775234419 Update of openexr
Bump release...
CLSA-2026-1775211239 openexr: Fix of 4 CVEs
CVE-2025-12495 CVE-2025-12839 CVE-2025-12840: fix heap buffer overflows in the C core decoding pipeline: missing nread validation in exr_read_chunk, missing packed/unpacked size check for uncompressed tiles, missing storage_mode guard in chunk offset computation - CVE-2025-64181: fix use of...
Linux Distros Unpatched Vulnerability : CVE-2026-34544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version...
Python Library OpenEXR 3.4.x < 3.4.7 Heap Buffer Overflow (OOB Read)
The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.7. It is, therefore, affected by a heap buffer overflow vulnerability: - A heap-buffer-overflow out-of-bounds read occurs in the HTJ2K decoder in OpenEXR when copying decompressed samples from OpenJPH...
SUSE: Security Advisory (SUSE-SU-2026:20936-1)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2026-34543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version...
SUSE CVE-2026-34543
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...
SUSE CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
CVE-2026-34544
A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker or local user could exploit this vulnerability by providing a specially crafted B44 or B44A EXR file. This crafted file can cause an out-of-bounds write during file decoding, which may lead to...
CVE-2026-34543
A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit this vulnerability by tricking a user into opening a specially crafted EXR file. This could lead to the disclosure of sensitive information from heap memory through the decoded...
CVE-2026-34545
A flaw was found in OpenEXR, an image storage format for the motion picture industry. An attacker can exploit this vulnerability by providing a specially crafted .exr file with HTJ2K compression and a specific channel width. This allows controlled data to be written beyond the output heap buffer,...
Linux Distros Unpatched Vulnerability : CVE-2026-34545
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the HTJ2K decoder. An attacker can execute arbitrary code or cause a denial of service by providing a crafted .exr file with HTJ2K compression and a channel width of 32768, which results in controlled data...
DEBIAN-CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
CVE-2026-34544
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...