PT-2026-33909 · Openexr · Openexr

Published 2026-04-21 · Updated 2026-05-11 · CVE-2026-40250

CVSS v4.0: 8.4 High

Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

OpenEXR versions 3.4.0 through 3.4.9
OpenEXR versions 3.3.0 through 3.3.9
OpenEXR versions 3.2.0 through 3.2.7

Description

An integer overflow occurs in the reference implementation of the EXR image storage format. The issue exists in internal_dwa_compressor.h:1040, where the calculation chan->width * chan->bytes_per_element is performed using int32 arithmetic without a (size_t) cast.

Recommendations

Update versions 3.4.0 through 3.4.9 to 3.4.10.
Update versions 3.3.0 through 3.3.9 to 3.3.10.
Update versions 3.2.0 through 3.2.7 to 3.2.8.
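
The arithmetic named in the Description, shown as an added example that is not OpenEXR's code: a width-times-element-size product kept in 32 bits beside the same product widened to size_t and range-checked. The struct chan_info and both function names are hypothetical, only the field names come from the advisory, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the channel record; only the field names
 * width and bytes_per_element are taken from the advisory. */
struct chan_info {
    int32_t width;
    int32_t bytes_per_element;
};

/* Row size as a 32-bit product. Signed overflow is undefined in C, so the
 * wrap is reproduced here in uint32_t, where it is well defined. */
static uint32_t row_bytes_32bit(const struct chan_info *c)
{
    return (uint32_t)c->width * (uint32_t)c->bytes_per_element;
}

/* Row size widened to size_t before multiplying, with range checks.
 * Returns 0 and stores the size in *out, or -1 if it cannot be represented. */
static int row_bytes_checked(const struct chan_info *c, size_t *out)
{
    if (c->width < 0 || c->bytes_per_element <= 0)
        return -1;
    size_t w = (size_t)c->width;
    size_t b = (size_t)c->bytes_per_element;
    if (w > SIZE_MAX / b)   /* only reachable where size_t is 32 bits */
        return -1;
    *out = w * b;
    return 0;
}

int main(void)
{
    /* Constructed values: 0x40000010 elements of 4 bytes each. */
    struct chan_info c = { 0x40000010, 4 };
    size_t n = 0;

    printf("32-bit product: %u bytes\n", (unsigned)row_bytes_32bit(&c));
    if (row_bytes_checked(&c, &n) == 0)
        printf("size_t product: %zu bytes\n", n);
    else
        printf("size_t product: rejected, does not fit\n");
    return 0;
}
```

With the constructed input the 32-bit product is 64 bytes while the widened product is 4294967360 bytes, which is the mismatch a buffer size or offset derived from the narrow value would carry.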

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-40250
OESA-2026-2179
OESA-2026-2180
OESA-2026-2181
OPENSUSE-SU-2026:10665-1

Affected Products

Openexr