PT-2026-29622 · Openexr · Openexr

Nicoppida · Published 2026-04-01 · Updated 2026-05-11 · CVE-2026-34545

CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.4.0 through 3.4.6

Description: OpenEXR, a specification and reference implementation of the EXR file format used in the motion picture industry, contains a flaw. A crafted .exr file that uses HTJ2K compression and a channel width of 32768 can cause a heap buffer overflow when it is decoded by an application that uses the library. The overflow is a write primitive of 2 or 4 bytes per iteration, repeated once for every pixel past the point where the buffer is exceeded. This can lead to remote code execution.

Recommendations: Update to OpenEXR version 3.4.7 or later.
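The weakness chain the advisory names, an integer overflow that turns into a heap-based buffer overflow during per-pixel writes, follows a general pattern that the C program below illustrates from the defender's side. This is an added example and not OpenEXR's code; it does not reproduce the actual defect. The 32-bit size arithmetic, the MAX_DIM limit, the function names, the status codes and the constructed sample values are all assumptions chosen for illustration. It shows the two checks a decoder wants: compute the output buffer size with overflow detection and explicit dimension limits before allocating, and bound every per-pixel write by the capacity that was actually allocated rather than by the dimensions declared in the header.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical dimension limit for this example; not an OpenEXR value. */
#define MAX_DIM 16384u

enum decode_status {
    DECODE_OK = 0,
    DECODE_BAD_DIMENSIONS,
    DECODE_BAD_SAMPLE_SIZE,
    DECODE_OOM,
    DECODE_TRUNCATED
};

/* Unchecked sizing (the anti-pattern): the 32-bit product wraps silently.
 * 32768 * 32768 * 4 == 2^32, which is 0 modulo 2^32, so a huge image would
 * get a zero-byte buffer and every pixel write would land past its end.
 * Assumed 32-bit arithmetic for illustration only. */
uint32_t unchecked_buffer_size(uint32_t width, uint32_t height, uint32_t bps)
{
    return width * height * bps;
}

/* Checked sizing: explicit limits plus overflow-detecting multiplication
 * (__builtin_mul_overflow exists in GCC and Clang). */
bool checked_buffer_size(uint32_t width, uint32_t height, uint32_t bps, size_t *out)
{
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return false;
    if (bps != 2 && bps != 4)                 /* half or full 32-bit samples */
        return false;
    size_t pixels;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &pixels))
        return false;
    return !__builtin_mul_overflow(pixels, (size_t)bps, out);
}

/* Convenience wrapper: 0 means "rejected". */
size_t checked_size_or_zero(uint32_t width, uint32_t height, uint32_t bps)
{
    size_t cap;
    return checked_buffer_size(width, height, bps, &cap) ? cap : 0;
}

/* Decoder-shaped routine. Header-declared dimensions drive sizing, but every
 * per-pixel write (2 or 4 bytes, like the advisory's write primitive) is
 * bounded by the capacity actually allocated. The pixel content is a
 * constructed constant sample, since only the bounds logic matters here. */
enum decode_status decode_frame(uint32_t width, uint32_t height, uint32_t bps,
                                uint16_t sample, size_t *written)
{
    size_t cap;
    *written = 0;
    if (bps != 2 && bps != 4)
        return DECODE_BAD_SAMPLE_SIZE;
    if (!checked_buffer_size(width, height, bps, &cap))
        return DECODE_BAD_DIMENSIONS;
    uint8_t *buf = calloc(cap, 1);
    if (buf == NULL)
        return DECODE_OOM;

    size_t off = 0;
    for (uint32_t y = 0; y < height; y++) {
        for (uint32_t x = 0; x < width; x++) {
            if (off + bps > cap) {            /* bound on the real allocation */
                free(buf);
                return DECODE_TRUNCATED;
            }
            if (bps == 2) {
                memcpy(buf + off, &sample, 2);
            } else {
                uint32_t s32 = sample;
                memcpy(buf + off, &s32, 4);
            }
            off += bps;
        }
    }
    *written = off;
    free(buf);
    return DECODE_OK;
}

/* Bytes written by a successful decode, 0 on any failure. */
size_t decode_written_bytes(uint32_t width, uint32_t height, uint32_t bps)
{
    size_t n;
    return decode_frame(width, height, bps, 0x3C00, &n) == DECODE_OK ? n : 0;
}

int main(void)
{
    size_t n;
    printf("unchecked size for 32768x32768x4: %u\n",
           (unsigned)unchecked_buffer_size(32768, 32768, 4));
    printf("decode 32768x32768x4: status %d\n",
           (int)decode_frame(32768, 32768, 4, 0x3C00, &n));
    printf("decode 4x2x2: status %d, %zu bytes\n",
           (int)decode_frame(4, 2, 2, 0x3C00, &n), n);
    return 0;
}
```

The first check rejects oversized or wrapping dimensions before any allocation happens; the second makes the write loop safe even if the sizing logic were wrong, because the loop trusts the allocation, not the header. A fuzzing harness for an image decoder wants both: the rejection path gives a clean error, and the bounded loop turns a would-be heap overflow into a reported DECODE_TRUNCATED.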

Fix

Weakness Enumeration

Integer Overflow
Heap Based Buffer Overflow

Related Identifiers

CVE-2026-34545
OPENSUSE-SU-2026:10505-1

Affected Products

Openexr