16 matches found

OSV
added 2026/05/22 1:17 p.m. · 2 views

OESA-2026-2364 OpenEXR security update

OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...

CVSS 9.8 · AI score 5.9 · EPSS 0.00064
Exploits: 3 · References: 4
OSV
added 2026/04/08 3:9 p.m. · 0 views

GHSA-P8XC-W3Q4-H64X OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

Summary: The DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This bug is reachable from the...

CVSS 8.4 · AI score 5.9 · EPSS 0.00011
Exploits: 1 · References: 6
EUVD
added 2026/04/06 3:21 p.m. · 2 views

EUVD-2026-19305

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute in...

CVSS 7.1 · AI score 6 · EPSS 0.0009
Exploits: 1 · References: 1
Positive Technologies
added 2026/04/06 12:0 a.m. · 1 views

PT-2026-30658

Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.2.0 through 3.2.6, version 3.3.9, and version 3.4.9 Description: A memory write issue exists in the LossyDctDecoder_execute function within src/lib/OpenEXRCore/internal_dwa_decoder.h:749 when decoding DWA or DWAB-compressed E...

CVSS 8.4 · AI score 5.1 · EPSS 0.0009
Exploits: 3 · References: 42
Cvelist
added 2026/04/01 8:56 p.m. · 15 views

CVE-2026-34543 OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

CVSS 8.7 · EPSS 0.00021
Exploits: 1 · References: 3
OSV
added 2026/02/24 3:16 a.m. · 2 views

UBUNTU-CVE-2026-26981

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the istream_nonparallel_read function in...

CVSS 6.5 · AI score 5.8 · EPSS 0.00025
Exploits: 1 · References: 5
Debian CVE
added 2025/10/06 8:9 a.m. · 4 views

CVE-2025-59733

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decode_header. The...

CVSS 8.7 · AI score 5.9 · EPSS 0.00022
Exploits: 0
Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-40879

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 8.0 Description: An issue exists in decoding OpenEXR files that use DWAA or DWAB compression. The software makes an assumption that all image channels have the same pixel type and size, specifically expecting "B", "G",...

CVSS 9.8 · AI score 7 · EPSS 0.00246
Exploits: 7 · References: 61
RedHat Linux
added 2024/11/04 12:22 p.m. · 4 views

OpenEXR: Heap Overflow in Scanline Deep Data Parsing

A vulnerability was found in the Academy Software Foundation OpenEXR and requires that a malicious EXR file image is parsed by the target device or environment using OpenEXR. This issue occurs due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanlin...

CVSS 9.1 · AI score 5.8 · EPSS 0.00804
Exploits: 1 · References: 5
CNNVD
added 2024/03/20 12:0 a.m. · 1 views

FreeImage Security Vulnerability

FreeImage is a cross-platform open source library for supporting popular graphic image formats. A security vulnerability exists in FreeImage version v.3.19.0, which stems from the presence of a buffer overflow vulnerability. A local attacker can exploit this vulnerability to execute arbitrary cod...

CVSS 6.8 · AI score 7.8 · EPSS 0.0036
Exploits: 1 · References: 2
BDU FSTEC
added 2021/07/13 12:0 a.m. · 2 views

The vulnerability of the DwaCompressor::Classifier::Classifier function in software for storing images with wide dynamic range brightness in OpenEXR, related to an off-by-one error, allows attackers to cause service interruptions.

The vulnerability of the DwaCompressor::Classifier::Classifier function in software for storing images with wide dynamic range brightness in OpenEXR is related to an off-by-one error. Exploiting this vulnerability could allow an attacker to cause service failures...

CVSS 6.5 · EPSS 0.00372
Exploits: 1 · References: 11 · Affected Software: 3
BDU FSTEC
added 2021/07/13 12:0 a.m. · 1 views

The vulnerability of the DeepScanLineInputFile() function in software for storing images with wide dynamic range brightness in OpenEXR, related to memory usage after deallocation, allows a hacker to cause a service failure.

The vulnerability of the DeepScanLineInputFile function in software for storing images in OpenEXR format with a wide dynamic range of brightness levels is related to the use of memory areas after they are freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 · EPSS 0.00126
Exploits: 0 · References: 10 · Affected Software: 3
OSV
added 2021/06/22 11:9 a.m. · 1 views

USN-4996-1 openexr vulnerabilities

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

CVSS 5.5 · AI score 6.4 · EPSS 0.01014
Exploits: 1 · References: 6
CNNVD
added 2021/03/30 12:0 a.m. · 1 views

LIM OpenEXR Input Validation Error Vulnerability

Industrial Light And Magic LIM OpenEXR is an image file format from Industrial Light and Magic LIM, USA, for high dynamic range (HDR) images. An input validation error vulnerability exists in OpenEXR B44 uncompression, which can be exploited by an attacker to trigger a shift overflow and potentiall...

CVSS 5.3 · AI score 5.9 · EPSS 0.0101
Exploits: 0 · References: 14
Positive Technologies
added 2020/09/09 12:0 a.m. · 2 views

PT-2020-6859 · Openexr +3

Name of the Vulnerable Software and Affected Versions: OpenEXR affected versions not specified Description: A flaw found in the dataWindowForTile function of IlmImf/ImfTiledMisc.cpp can trigger an integer overflow when a crafted file is processed, leading to an out-of-bounds write on the heap. Th...

CVSS 7.8 · AI score 6.2 · EPSS 0.01029
Exploits: 6 · References: 123
OSV
added 2020/04/14 11:15 p.m. · 1 views

DEBIAN-CVE-2020-11762

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case...

CVSS 5.5 · AI score 6.7 · EPSS 0.00372
Exploits: 1 · References: 1