CVE-2026-34379
CVE-2026-34379 affects OpenEXR across 3.2.x, 3.3.x, and 3.4.x: a misaligned memory write in LossyDctDecoder_execute() for FLOAT channels during in-place HALF→FLOAT conversion. The decoder casts an unaligned uint8_t* row pointer to float* and writes, causing undefined behavior and potential crash ...