
20 matches found

Tenable Nessus
added 2026/06/20 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-44663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

CVSS 8.4 | AI score 5.8 | EPSS 0.00287
Exploits: 3 | References: 4

NVD
added 2026/06/18 9:16 p.m. | 10 views

CVE-2026-44663

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted...

CVSS 7.1 | EPSS 0.00199
Exploits: 1 | References: 2

Debian CVE
added 2026/06/18 8:31 p.m. | 7 views

CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, ht_undo_impl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The ht_undo_imp...

CVSS 8.3 | AI score 6 | EPSS 0.0029
Exploits: 1

Cvelist
added 2026/06/18 8:31 p.m. | 20 views

CVE-2026-45696 OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, ht_undo_impl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The ht_undo_imp...

CVSS 8.3 | EPSS 0.0029
Exploits: 1 | References: 2

CVE
added 2026/06/18 8:20 p.m. | 21 views

CVE-2026-44663

OpenEXR CVE-2026-44663 is a heap-buffer overflow in the HTJ2K decoder (ht_undo_impl) caused by 32-bit signed overflow when multiplying decode->channels[i].width by bytes_per_element during HTJ2K decoding. This occurs in OpenEXR 3.4.0–3.4.11 and can lead to a heap out-of-bounds write when handl...

CVSS 7.1 | AI score 5.2 | EPSS 0.00199
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/06/18 8:20 p.m. | 18 views

CVE-2026-44663 OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted...

CVSS 6.1 | EPSS 0.00199
Exploits: 1 | References: 2

ATTACKERKB
added 2026/06/18 8:20 p.m. | 6 views

CVE-2026-44663

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted...

CVSS 6.1 | AI score 5.2 | EPSS 0.00199
Exploits: 1 | References: 3 | Affected Software: 1

AlpineLinux
added 2026/06/18 8:20 p.m. | 4 views

CVE-2026-44663

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted...

CVSS 7.1 | AI score 5.7 | EPSS 0.00199
Exploits: 1 | References: 2

Tenable Nessus
added 2026/06/17 12:0 a.m. | 9 views

Python Library OpenEXR 3.4.x < 3.4.12 Multiple Vulnerabilities

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.12. It is, therefore, affected by multiple vulnerabilities: - An integer overflow in ht_undo_impl in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer-overflow when decoding a crafted HTJ2K-compress...

CVSS 8.3 | AI score 6 | EPSS 0.0029
Exploits: 2 | References: 4

RedhatCVE
added 2026/04/22 10:17 a.m. | 13 views

CVE-2026-39886

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit a signed integer overflow vulnerability in the HTJ2K High-Throughput JPEG 2000 decompression path by providing a specially crafted EXR file. This flaw causes an internal...

CVSS 6.5 | AI score 5.6 | EPSS 0.00302
Exploits: 1 | References: 5

Tenable Nessus
added 2026/04/22 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-39886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0...

CVSS 8.6 | AI score 5.6 | EPSS 0.00463
Exploits: 3 | References: 4

SUSE CVE
added 2026/04/21 12:16 p.m. | 3 views

SUSE CVE-2026-39886

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K High-Throughput JPEG 2000 decompression path. The ht_undo_imp...

CVSS 5.3 | AI score 5.8 | EPSS 0.00302
Exploits: 1 | References: 3

CVE
added 2026/04/21 1:27 a.m. | 11 views

CVE-2026-39886

CVE-2026-39886 affects OpenEXR up to version 3.4.9. A signed 32-bit overflow in ht_undo_impl() (internal_ht.cpp) of the HTJ2K decompression path can cause a per-scanline pointer arithmetic error, potentially leading to a heap out-of-bounds write when a crafted EXR with 16,385 FLOAT channels at ma...

CVSS 5.3 | AI score 5.8 | EPSS 0.00302
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/21 1:27 a.m. | 30 views

CVE-2026-39886 OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl()

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K High-Throughput JPEG 2000 decompression path. The ht_undo_imp...

CVSS 5.3 | EPSS 0.00302
Exploits: 1 | References: 2

FreeBSD
added 2026/04/17 12:0 a.m. | 111 views

OpenEXR -- several integer overflow vulnerabilities

Cary Phillips reports: OpenEXR 3.4.10 is a patch release that addresses the following security vulnerabilities: CVE-2026-39886 HTJ2K Signed Integer Overflow in ht_undo_impl CVE-2026-40244 Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic missed variant of CVE-2026-34589...

CVSS 8.4 | AI score 5.8 | EPSS 0.0045
Exploits: 2 | References: 1

Tenable Nessus
added 2026/04/03 12:0 a.m. | 2 views

Python Library OpenEXR 3.4.x < 3.4.7 Heap Buffer Overflow (OOB Read)

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.7. It is, therefore, affected by a heap buffer overflow vulnerability: - A heap-buffer-overflow out-of-bounds read occurs in the HTJ2K decoder in OpenEXR when copying decompressed samples from OpenJPH...

CVSS 8.4 | AI score 6.2 | EPSS 0.00463
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/02 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-34545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version...

CVSS 8.4 | AI score 6.6 | EPSS 0.00463
Exploits: 1 | References: 3

UbuntuCve
added 2026/04/01 9:17 p.m. | 2 views

CVE-2026-34545

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

CVSS 8.4 | AI score 6.1 | EPSS 0.00463
Exploits: 1 | References: 4

Vulnrichment
added 2026/04/01 8:51 p.m. | 1 views

CVE-2026-34545 OpenEXR: integer overflow lead to OOB in HTJ2K decoder

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

CVSS 8.4 | AI score 6.5 | EPSS 0.00463
Exploits: 1 | References: 3

EUVD
added 2026/04/01 8:51 p.m. | 6 views

EUVD-2026-18062

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

CVSS 8.4 | AI score 6.5 | EPSS 0.00463
Exploits: 1 | References: 3