PT-2026-38333 · Openexr · Openexr

Medoedus · Published 2026-05-07 · Updated 2026-06-08 · CVE-2026-41142

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenEXR versions 3.0.0 through 3.2.8
OpenEXR versions 3.3.0 through 3.3.10
OpenEXR versions 3.4.0 through 3.4.10

Description

An integer overflow exists in the ImageChannel::resize() function, which can lead to a heap out-of-bounds (OOB) write (a condition where data is written outside the boundaries of the allocated memory buffer) via the OpenEXRUtil public API.

Recommendations

Update to version 3.2.9
Update to version 3.3.11
Update to version 3.4.11

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-41142
ECHO-DD6A-E30B-958D
OESA-2026-2364
OESA-2026-2365
OESA-2026-2366
OPENSUSE-SU-2026:10772-1

Affected Products

Openexr