CVE-2026-34379 — Incorrect Type Conversion or Cast in Openexr
Severity
7.1HIGHNVD
EPSS
0.1%
top 81.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 6
Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2
Affected Packages3 packages
▶CVEListV5academysoftwarefoundation/openexr>= 3.2.0, < 3.2.7, >= 3.3.0, < 3.3.9, >= 3.4.0, < 3.4.9+2
🔴Vulnerability Details
1OSV▶
CVE-2026-34379: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry↗2026-04-06
📋Vendor Advisories
2🕵️Threat Intelligence
1💬Community
5Bugzilla▶
CVE-2026-34379 usd: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding [fedora-all]↗2026-04-06
Bugzilla▶
CVE-2026-34379 openexr: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding [fedora-all]↗2026-04-06
Bugzilla▶
CVE-2026-34379 OpenEXR: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding↗2026-04-06
Bugzilla▶
CVE-2026-34379 openexr2: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding [fedora-all]↗2026-04-06
Bugzilla▶
CVE-2026-34379 mingw-openexr: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding [fedora-all]↗2026-04-06