PT-2026-22698 · Openexr+3 · Openexr+3

Quangio · Published 2026-03-02 · Updated 2026-05-11 · CVE-2026-27622

CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenEXR versions prior to 3.2.6
OpenEXR versions prior to 3.3.8
OpenEXR versions prior to 3.4.6

Description
OpenEXR, a file format used in the motion picture industry, has an issue in the CompositeDeepScanLine::readPixels function. The function accumulates per-pixel sample totals in a vector named total_sizes. When it handles attacker-controlled large sample counts spread across multiple parts of a deep file, the total_sizes[ptr] value wraps around because the accumulation is performed modulo 2^32. The wrapped total is then used to size the samples[channel] buffer, so the buffer is allocated far smaller than the real number of samples. Subsequent writes in the generic_unpack_deep_pointers function, which are driven by the true per-part counts, can then overrun this buffer.

Recommendations
Update to OpenEXR version 3.2.6 or later.
Update to OpenEXR version 3.3.8 or later.
Update to OpenEXR version 3.4.6 or later.
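The following is an added illustration of the bug class the description names, written for this page and not taken from OpenEXR's source. It models the per-pixel accumulation with a hypothetical wrappingTotal function (32-bit, wraps silently) next to a checkedTotal function that widens to 64 bits and rejects any total above a caller-supplied cap before a buffer is sized from it. The input vectors, the 4-byte sample size and all function names are constructed for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// One entry per part of a multi-part deep file: the sample count that part
// contributes to a single pixel. Constructed for this example.
using PartCounts = std::vector<std::uint32_t>;

// Wrapping accumulation, modelled on the defect described above: the running
// total is a 32-bit unsigned value, so large counts across several parts wrap
// modulo 2^32 and the result can be far smaller than the true sum.
std::uint32_t wrappingTotal(const PartCounts& counts) {
    std::uint32_t total = 0;
    for (std::uint32_t c : counts) total += c;  // silently wraps past 2^32 - 1
    return total;
}

// Result of the checked accumulation: ok is false when the sum exceeds cap.
struct CheckedTotal {
    bool ok;
    std::uint64_t value;
};

// Checked accumulation (hypothetical mitigation): widen to 64 bits and refuse
// totals larger than cap before the total is ever used as a buffer size.
// The comparison is done before the add, so it cannot itself wrap.
CheckedTotal checkedTotal(const PartCounts& counts, std::uint64_t cap) {
    std::uint64_t total = 0;
    for (std::uint32_t c : counts) {
        if (c > cap - total) return {false, total};  // would exceed cap
        total += c;
    }
    return {true, total};
}

// True when a buffer sized from the wrapped total would be smaller than the
// bytes the real per-part counts would write into it, i.e. an overrun.
bool wouldOverrun(const PartCounts& counts, std::uint64_t bytesPerSample) {
    std::uint64_t trueBytes = 0;
    for (std::uint32_t c : counts) trueBytes += static_cast<std::uint64_t>(c) * bytesPerSample;
    std::uint64_t wrappedBytes = static_cast<std::uint64_t>(wrappingTotal(counts)) * bytesPerSample;
    return wrappedBytes < trueBytes;
}

int main() {
    // Constructed inputs: two parts whose counts sum to 2^32 + 16, and a benign pair.
    const PartCounts hostile{0xFFFFFFF0u, 0x20u};
    const PartCounts benign{100u, 200u};
    const std::uint64_t cap = std::numeric_limits<std::uint32_t>::max();

    std::printf("wrapped total (hostile): %u\n", wrappingTotal(hostile));
    std::printf("checked total (hostile) accepted: %d\n", checkedTotal(hostile, cap).ok);
    std::printf("checked total (benign): %llu\n",
                static_cast<unsigned long long>(checkedTotal(benign, cap).value));
    std::printf("overrun with 4-byte samples (hostile): %d\n", wouldOverrun(hostile, 4));
    return 0;
}
```

The cap is deliberately a parameter: a real reader would bound it by what the file could plausibly contain (for instance the number of bytes actually present in the chunk), which rejects absurd totals long before any allocation.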

Weakness Enumeration

Memory Corruption

Related Identifiers

ALSA-2026:7682
ALSA-2026:8863
ALSA-2026:8888
CVE-2026-27622
GHSA-CR4V-6JM6-4963
OESA-2026-1685
OESA-2026-1686
OESA-2026-1687
OESA-2026-1688
OESA-2026-1689
OPENSUSE-SU-2026:10303-1
OPENSUSE-SU-2026:20433-1
RHSA-2026:12338
RHSA-2026:12339
RHSA-2026:12340
RHSA-2026:12341
RHSA-2026:7678
RHSA-2026:7682
RHSA-2026:8863
RHSA-2026:8869
RHSA-2026:8870
RHSA-2026:8871
RHSA-2026:8872
RHSA-2026:8888
SUSE-SU-2026:20936-1
USN-8259-1

Affected Products

Linuxmint
Openexr
Rocky Linux
Ubuntu