RockyLinux 9 : libtiff (RLSA-2025:20801)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20801 advisory. libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM CVE-2023-52355 libtiff: Segment fault in libtiff in TIFFReadRGBATileExt leadi...

Astra Linux - уязвимость в openexr

There is a flaw in OpenEXR’s scanline input file functionality in versions before 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could consume excessive system memory. The most significant impact of this flaw is on system availability...

Astra Linux - уязвимость в openexr

There is a flaw in the Scanline API functionality of OpenEXR in versions prior to 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could cause excessive memory consumption, thereby affecting system availability...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

JLSEC-2026-133

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...

Out-of-bounds Write

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoderexecute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoderexecute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an integer overflow, resulting in a heap out-of-bounds write duri...

CLSA-2026-1774604404 openexr: Fix of CVE-2026-27622

CVE-2026-27622: fix integer overflow in CompositeDeepScanLine leading to heap buffer overflow...

OESA-2026-1686 OpenEXR security update

OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...

Python Library OpenEXR 2.3.x / 3.x < 3.2.6 / 3.3.x < 3.3.8 / 3.4.x < 3.4.6 Heap Buffer Overflow

The version of the OpenEXR Python package installed on the remote host is 2.3.x or 3.x prior to 3.2.6, 3.3.x prior to 3.3.8, or 3.4.x prior to 3.4.6. It is, therefore, affected by a heap buffer overflow vulnerability: - In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in a...

DEBIAN-CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

UBUNTU-CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

CVE-2026-27622 OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

CVE-2026-27622

OpenEXR vulnerability CVE-2026-27622 arises from an integer overflow in CompositeDeepScanLine::readPixels, where per-pixel totals are accumulated into total_sizes and wrapped modulo 2^32, causing derived overall_sample_count to mis-size samples and leading to a heap out-of-bounds write in core un...