13 matches found
Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1713)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1713 advisory. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to...
OESA-2026-2365 OpenEXR security update
OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...
CVE-2026-42217
A flaw was found in OpenEXR. A remote attacker could exploit this vulnerability by providing a specially crafted EXR image file. The readVariableLengthInteger function, responsible for decoding variable-length integers, does not properly bound the shift count. This can lead to undefined behavior,...
SUSE CVE-2026-42217
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...
CVE-2026-42217
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...
CVE-2026-42217
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...
CVE-2026-42217 OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`)
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...
CVE-2026-42217
OpenEXR CVE-2026-42217 affects the readVariableLengthInteger() function in ImfIDManifest.cpp. Vulnerable are OpenEXR versions 3.0.0–3.2.8, 3.3.0–3.3.10, and 3.4.0–3.4.10, where decoding a variable-length integer from untrusted input can, after enough continuation bytes, perform a left shift of 70...
CVE-2026-42217 OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`)
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...
CVE-2026-42217
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...
EUVD-2026-28300
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...
PT-2026-38335
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description The readVariableLengthInteger function decodes a variable-length integer from untrusted EXR input without bounding the...
[SECURITY] Fedora 40 Update: rust-leb128-0.2.5-9.fc40
Read and write DWARF's "Little Endian Base 128" LEB128 variable length integer encoding...