PT-2026-35476 · Julia · Openexr Jll

Published 2026-04-17 · Updated 2026-04-17

None

No severity ratings or metrics are available. When they are, we will update the corresponding information on the page.
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in the vector total_sizes. For attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from the wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup and consumption proceed with the true sample counts, so write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
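The wraparound described above, next to a checked accumulation, as an added example that is not OpenEXR's code or its actual fix. PartCounts, wrapped_total, true_total, checked_total and the limit value are hypothetical names and assumptions chosen for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <vector>

// Constructed model: counts[part][pixel] is the deep sample count that one
// part of a multi-part file reports for one pixel. Not OpenEXR's own types.
using PartCounts = std::vector<std::vector<uint32_t>>;

// The pattern the advisory describes: a 32-bit accumulator that silently
// wraps modulo 2^32 when the parts' counts for a pixel are summed.
uint32_t wrapped_total(const PartCounts& parts, size_t pixel) {
    uint32_t total = 0;
    for (const auto& part : parts) total += part[pixel];
    return total;
}

// The number of samples the decoder would really write for that pixel.
uint64_t true_total(const PartCounts& parts, size_t pixel) {
    uint64_t total = 0;
    for (const auto& part : parts) total += part[pixel];
    return total;
}

// Hardened form: accumulate in 64 bits and refuse the input as soon as the
// running total passes a caller-chosen limit (the limit is an assumption).
uint32_t checked_total(const PartCounts& parts, size_t pixel, uint32_t limit) {
    uint64_t total = 0;
    for (const auto& part : parts) {
        total += part[pixel];
        if (total > limit)
            throw std::overflow_error("deep sample count exceeds limit");
    }
    return static_cast<uint32_t>(total);
}

int main() {
    // Constructed input: three parts, one pixel, counts summing to 2^32 + 16.
    PartCounts parts = {{0x80000000u}, {0x80000000u}, {16u}};
    std::cout << "buffer sized for " << wrapped_total(parts, 0)
              << " samples, decoder writes " << true_total(parts, 0) << "\n";
    try {
        checked_total(parts, 0, 1u << 28);
    } catch (const std::overflow_error& e) {
        std::cout << "rejected: " << e.what() << "\n";
    }
    return 0;
}
```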

Related identifiers

JLSEC-2026-141

Affected products

Openexr Jll