PT-2026-29620 · Openexr · Openexr

Cary Phillips

Published

2026-04-01

Updated

2026-06-01

CVE-2026-34543

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.7

Description OpenEXR, an image storage format used in the motion picture industry, may disclose sensitive information from heap memory through decoded pixel data. This information disclosure occurs when processing a malicious EXR file under default settings, requiring no user interaction.

Recommendations Update to version 3.4.8 or later.

Exploit

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

CVE-2026-34543

ECHO-DD0B-5DB3-5ACE

GHSA-VC68-257W-M432

OPENSUSE-SU-2026:10505-1

Affected Products

Openexr

PT-2026-29620 · Openexr · Openexr

CVE-2026-34543

Weakness Enumeration

Related Identifiers

Affected Products

References · 24