5 matches found
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the HTJ2K decoder. An attacker can execute arbitrary code or cause a denial of service by providing a crafted .exr file with HTJ2K compression and a channel width of 32768, which results in controlled data...
CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
EUVD-2026-18062
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
CVE-2026-34545
CVE-2026-34545 affects OpenEXR versions 3.4.0–3.4.6, where decoding an EXR file using HTJ2K compression with a channel width of 32768 can trigger a heap write overflow. The overflow occurs while decoding and writes beyond the output heap buffer, with a write primitive of 2 bytes per overflow iter...
PT-2026-29622
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.6 Description OpenEXR, a specification and reference implementation of the EXR file format used in the motion picture industry, contains a flaw. A crafted .exr file utilizing HTJ2K compression and a channel...