Linux Distros Unpatched Vulnerability : CVE-2026-44663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

RockyLinux 10 : openexr (RLSA-2026:19146)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19146 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR’s B44 uncompression functionality in versions prior to 3.0.0-beta. An attacker who can submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting the availability of the application...

Astra Linux - уязвимость в openexr

An integer overflow that leads to a heap-buffer overflow was discovered in the DwaCompressor of OpenEXR in versions prior to 3.0.1. An attacker could exploit this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215...

RockyLinux 9 : openexr (RLSA-2026:19359)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19359 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...

RHEL 10 : openexr (RHSA-2026:19146)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19146 advisory. OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents...

CVE-2026-42217 vulnerabilities

Vulnerabilities for packages: openexr...

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

OpenEXR 输入验证错误漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. There is a input validation vulnerability in OpenEXR, which stems from integer overflows in the ImageChannel::resize function, leading to out-of-bounds write operations on the...

Astra Linux – Vulnerability in openexr

A flaw was discovered in OpenEXR in versions prior to 3.0.0-beta. A specially crafted input file provided by an attacker, when processed by the Dwa decompression functionality of OpenEXR’s IlmImf library, could lead to a NULL pointer dereferencing error. The most severe consequence of this...

RHEL 8 : OpenEXR (RHSA-2026:12340)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12340 advisory. OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package...

RHSA-2026:12339 Red Hat Security Advisory: OpenEXR security update

Bulletin has no description...

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signe...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

ALSA-2026:8863 Important: OpenEXR security update

OpenEXR is a high dynamic-range HDR image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. Security Fixes: openexr: OpenEXR: Arbitrary code execution via integer overflow in...

AlmaLinux 10 : openexr (ALSA-2026:7682)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7682 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block direct...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34589 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34589 Source advisory: OSV:GHSA-P8XC-W3Q4-H64X...

Out-of-bounds Write

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoderexecute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an...