Severity: 8.4 HIGH (NVD)
EPSS: 0.1% (top 78.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1; Latest update Apr 2

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controlled data beyond the output heap buffer in any application that decodes EXR images. The write primitive is 2 bytes per overflow iteration or 4 bytes (by another path), repeating for each additional pix

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (3 packages)

NVD: openexr/openexr, introduced 3.4.0, fixed 3.4.7
CVEListV5: academysoftwarefoundation/openexr, >= 3.4.0, < 3.4.7

Patches

🔴 Vulnerability Details (1)

OSV: CVE-2026-34545: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry (2026-04-01)

📋 Vendor Advisories (2)

Red Hat: OpenEXR: OpenEXR: Remote code execution via crafted EXR files (2026-04-01)
Debian: CVE-2026-34545: openexr - OpenEXR provides the specification and reference implementation of the EXR file ... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-34545 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla: CVE-2026-34545 usd: OpenEXR: Remote code execution via crafted EXR files [fedora-all] (2026-04-02)
CVE-2026-34545 — Heap-based Buffer Overflow in Openexr | cvebase