42 matches found
CVE-2026-45696
A flaw was found in the OpenEXR image library. If an application opens a maliciously crafted EXR image file, it triggers a memory error. An attacker can use this to crash the application—causing a denial of service DoS—and potentially view sensitive information from the application's memory. Any...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the htundoimpl function. An attacker can cause a crash and potentially leak adjacent heap memory by supplying a crafted EXR file with mismatched channel width and buffer length. Remediation Upgrade openexr...
CVE-2026-45696
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...
CVE-2026-45696
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...
CVE-2026-42216
A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...
OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file
A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...
Important: openexr security update
OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...
RHEL 9 : openexr (RHSA-2026:19359)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19359 advisory. OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents ...
Important: Red Hat Security Advisory: openexr security update
An update for openexr is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file
A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...
RHEL 9 : openexr (RHSA-2026:17660)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17660 advisory. OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents ...
RLSA-2026:15888 Important: openexr security update
OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...
openexr security update
An update is available for openexr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenEXR is an open-source high-dynamic-range floating-point image file format...
RockyLinux 10 : openexr (RLSA-2026:15888)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:15888 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...
RHEL 10 : openexr (RHSA-2026:15888)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:15888 advisory. OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents...
Important: Red Hat Security Advisory: openexr security update
An update for openexr is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: openexr security update
An update for openexr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2026:15888 Important: openexr security update
OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...
CVE-2026-40244
A flaw was found in OpenEXR, an image storage format library. An integer overflow vulnerability exists when processing specially crafted EXR image files. A local user could exploit this by tricking a victim into opening a malicious EXR file. This flaw could lead to memory corruption, potentially...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the DwaCompressoruncompress function due to improper integer arithmetic in pointer calculations. An attacker can cause memory corruption or potentially execute arbitrary code by supplying crafted EXR...