CVE-2026-42216
CVE-2026-42216 affects OpenEXR: an out-of-bounds read in IDManifest::init() during prefix expansion. In affected ranges (3.0.0–before 3.2.9, 3.3.0–before 3.3.11, and 3.4.0–before 3.4.11), the code reads stringList[i][0] and stringList[i][1] without ensuring the current string has two bytes. This ...