PT-2026-38335 · Openexr · Openexr

M1-Llie

·

Published

2026-05-07

·

Updated

2026-06-08

·

CVE-2026-42217

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

OpenEXR versions 3.0.0 through 3.2.8
OpenEXR versions 3.3.0 through 3.3.10
OpenEXR versions 3.4.0 through 3.4.10

Description

The readVariableLengthInteger() function decodes a variable-length integer from untrusted EXR input without bounding the shift count. Each continuation byte increases the shift count, so an input carrying enough continuation bytes makes the code left-shift a 64-bit value by 70 bits. A shift count equal to or greater than the width of the operand is undefined behavior in C++, and because nothing bounds the length of the sequence, the shift is performed on attacker-controlled file data.

Recommendations

Update versions 3.0.0 through 3.2.8 to version 3.2.9.
Update versions 3.3.0 through 3.3.10 to version 3.3.11.
Update versions 3.4.0 through 3.4.10 to version 3.4.11.
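The shift-count problem the description names, as an added example that is not OpenEXR's readVariableLengthInteger() and not taken from the project: a hypothetical LEB128-style decoder with 7 payload bits per byte and a continuation flag in the high bit (an assumption about the encoding; the advisory only states that the shift count reaches 70). The unbounded shape shows where the shift-by-70 arises on the eleventh byte, and the bounded shape beside it refuses that byte, and any payload bits above bit 63, before shifting. All names, types and sample byte strings are invented for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not OpenEXR's readVariableLengthInteger(). It assumes the
// usual LEB128-style layout: 7 payload bits per byte, high bit set means
// "another byte follows", least-significant group first.

enum class VarIntStatus { Ok, Truncated, TooLong, Overflow };

struct VarInt {
    VarIntStatus status;
    uint64_t     value;     // valid only when status == Ok
    size_t       consumed;  // bytes consumed, 0 unless status == Ok
};

// Vulnerable shape (the pattern the advisory describes): `shift` grows by 7
// per byte and is never checked, so on the eleventh byte of a run of
// continuation bytes the code evaluates `bits << 70` on a uint64_t. A shift
// count >= 64 is undefined behaviour in C++, and untrusted EXR input can
// contain such a run.
static VarInt decodeUnbounded(const std::vector<uint8_t>& in)
{
    uint64_t value = 0;
    unsigned shift = 0;
    for (size_t i = 0; i < in.size(); ++i) {
        uint64_t bits = in[i] & 0x7f;
        value |= bits << shift;            // UB once shift reaches 70
        shift += 7;
        if ((in[i] & 0x80) == 0)
            return {VarIntStatus::Ok, value, i + 1};
    }
    return {VarIntStatus::Truncated, 0, 0};
}

// Hardened shape: reject before shifting. A uint64_t holds ten 7-bit groups
// (shifts 0..63); the tenth group may only carry its low bit, and an
// eleventh byte can never be valid, so both are refused without shifting.
static VarInt decodeBounded(const std::vector<uint8_t>& in)
{
    uint64_t value = 0;
    unsigned shift = 0;
    for (size_t i = 0; i < in.size(); ++i) {
        if (shift >= 64)                   // this would be the shift-by-70 case
            return {VarIntStatus::TooLong, 0, 0};
        uint64_t bits = in[i] & 0x7f;
        // Only (64 - shift) bits of this group fit; any higher bit set means
        // the encoded value does not fit in 64 bits.
        if (shift > 64 - 7 && (bits >> (64 - shift)) != 0)
            return {VarIntStatus::Overflow, 0, 0};
        value |= bits << shift;
        shift += 7;
        if ((in[i] & 0x80) == 0)
            return {VarIntStatus::Ok, value, i + 1};
    }
    return {VarIntStatus::Truncated, 0, 0};
}

// Constructed inputs (not taken from any real EXR file):
//   kBenign  encodes 624485 in three bytes.
//   kShift70 is ten continuation bytes then a terminator; the unbounded
//            decoder would shift by 70 on the eleventh byte.
//   kTooWide sets payload bits in the tenth byte that fall above bit 63.
static const std::vector<uint8_t> kBenign  = {0xE5, 0x8E, 0x26};
static const std::vector<uint8_t> kShift70 = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
                                              0xFF, 0xFF, 0xFF, 0xFF, 0x81, 0x01};
static const std::vector<uint8_t> kTooWide = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
                                              0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01};

int main()
{
    VarInt a = decodeBounded(kBenign);
    VarInt u = decodeUnbounded(kBenign);   // safe: only three bytes
    VarInt b = decodeBounded(kShift70);
    VarInt c = decodeBounded(kTooWide);
    std::printf("benign:  status=%d value=%llu consumed=%zu (unbounded agrees: %llu)\n",
                static_cast<int>(a.status), (unsigned long long)a.value, a.consumed,
                (unsigned long long)u.value);
    std::printf("shift70: status=%d (2 = TooLong)\n", static_cast<int>(b.status));
    std::printf("toowide: status=%d (3 = Overflow)\n", static_cast<int>(c.status));
    // decodeUnbounded(kShift70) is deliberately never called: it is UB.
    return 0;
}
```

The bounded decoder keeps the check ahead of the shift on purpose: testing `shift` after the `|=` would still execute the undefined shift once, and a compiler is free to assume that never happens and to drop the check entirely.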

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

CVE-2026-42217
ECHO-E186-1AAB-8C05
OESA-2026-2364
OESA-2026-2365
OESA-2026-2366
OPENSUSE-SU-2026:10772-1

Affected Products

Openexr