CVE-2026-34588 — Out-of-bounds Read in Openexr
Severity
8.6HIGHNVD
EPSS
0.0%
top 93.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 6
Latest updateApr 8
Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both o…
CVSS vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Packages4 packages
🔴Vulnerability Details
3OSV▶
CVE-2026-34588: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry↗2026-04-06
📋Vendor Advisories
2🕵️Threat Intelligence
1💬Community
5Bugzilla▶
CVE-2026-34588 mingw-openexr: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file [fedora-all]↗2026-04-06
Bugzilla▶
CVE-2026-34588 OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file↗2026-04-06
Bugzilla▶
CVE-2026-34588 openexr: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file [fedora-all]↗2026-04-06
Bugzilla▶
CVE-2026-34588 openexr2: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file [fedora-all]↗2026-04-06
Bugzilla▶
CVE-2026-34588 usd: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file [fedora-all]↗2026-04-06