2 matches found
JLSEC-2026-142
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...
CVE-2026-34378
OpenEXR vulnerability overview: The EXR file format library OpenEXR is affected in versions 3.4.0 through before 3.4.9 due to a missing bounds check on the dataWindow attribute in headers, which can trigger a signed integer overflow in generic_unpack() when dataWindow.min.x is set to a large nega...