CVE-2026-34379

CVE-2026-34379 affects OpenEXR across 3.2.x, 3.3.x, and 3.4.x: a misaligned memory write in LossyDctDecoder_execute() for FLOAT channels during in-place HALF→FLOAT conversion. The decoder casts an unaligned uint8_t* row pointer to float* and writes, causing undefined behavior and potential crash ...

PT-2026-30658

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.2.0 through 3.2.6, version 3.3.9, and version 3.4.9 Description A memory write issue exists in the LossyDctDecoder execute function within src/lib/OpenEXRCore/internal dwa decoder.h:749 when decoding DWA or DWAB-compressed E...