PT-2026-30657 · Openexr · Openexr
Pwn2Woot · Published 2026-04-06 · Updated 2026-04-08 · CVE-2026-34378
CVSS v3.1 6.5 Medium
Vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.4.0 through 3.4.8
Description: A missing bounds check on the dataWindow attribute in EXR file headers can lead to a signed integer overflow in the generic unpack() function. Setting dataWindow.min.x to a large negative value causes OpenEXRCore to compute an excessively large image width. That width is then used in a signed integer multiplication, which overflows; UBSan detects the undefined behaviour and the process is terminated with SIGILL.
Recommendations: Update to version 3.4.9 or later.

Exploit
Fix
Weakness Enumeration: Integer Overflow

Related Identifiers: CVE-2026-34378, OPENSUSE-SU-2026:10505-1
Affected Products: Openexr