AcademySoftwareFoundation/openexr vulnerabilities

17 known vulnerabilities affecting academysoftwarefoundation/openexr.

Total CVEs: 17
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 8, MEDIUM 8, LOW 1

Vulnerabilities

CVE-2026-34379 | HIGH | CVSS 7.1 | CWE-704 | affected: >= 3.2.0, < 3.2.7; >= 3.3.0, < 3.3.9; +1 more | published 2026-04-06 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compres
CVE-2026-34589 | HIGH | CVSS 8.4 | CWE-190 | affected: >= 3.2.0, < 3.2.7; >= 3.3.0, < 3.3.9; +1 more | published 2026-04-06 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and la
CVE-2026-34588 | HIGH | CVSS 8.6 | CWE-125 | affected: >= 3.1.0, <= 3.1.13; >= 3.2.0, < 3.2.7; +2 more | published 2026-04-06 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this p
CVE-2026-34380 | MEDIUM | CVSS 5.9 | CWE-190 | affected: >= 3.2.0, < 3.2.7; >= 3.3.0, < 3.3.9; +1 more | published 2026-04-06 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl() in src/lib/OpenEXRCore/internal_pxr24.c at line 377. The expression (uint64_t)(w * 3) computes w * 3 as a
CVE-2026-34378 | MEDIUM | CVSS 6.5 | CWE-190 | affected: >= 3.4.0, < 3.4.9 | published 2026-04-06 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to
CVE-2026-34543 | HIGH | CVSS 8.7 | CWE-908 | affected: >= 3.4.0, < 3.4.8 | published 2026-04-01 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). This occurs under default settings; simply reading a m
CVE-2026-34544 | HIGH | CVSS 8.4 | CWE-190 | affected: >= 3.4.0, < 3.4.8 | published 2026-04-01 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (
CVE-2026-34545 | HIGH | CVSS 8.4 | CWE-122 | affected: >= 3.4.0, < 3.4.7 | published 2026-04-01 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controlled data beyond the output heap buffer in any applica
CVE-2026-27622 | HIGH | CVSS 8.4 | CWE-787 | affected: >= 2.3.0, < 3.2.6; >= 3.3.0, < 3.3.8; +1 more | published 2026-03-03 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in the vector total_sizes; for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is
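Four of the entries above (CVE-2026-34589, CVE-2026-34588, CVE-2026-34380 and CVE-2026-27622) share one root cause: a byte size, pointer offset or sample total is computed in 32-bit arithmetic and only widened, compared or allocated from afterwards. The C below is an added example, not OpenEXR's own code. It simulates the `(uint64_t)(w * 3)` pitfall using well-defined unsigned arithmetic (the real expression is undefined behaviour when it overflows), then shows the checked forms a decoder would use: widen before multiplying, compute a pointer offset in 64 bits and bound it against the backing buffer, and refuse a per-pixel total that would wrap. The `buf_len` parameter, the `limit` bound and all function names are this example's assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simulates what `(uint64_t)(w * 3)` yields on a typical target with 32-bit
 * int and two's-complement wraparound once w * 3 exceeds INT32_MAX. The real
 * expression is undefined behaviour in C; the simulation uses unsigned
 * arithmetic so that this example itself stays well-defined. */
static uint64_t row_bytes_unsafe_sim(int32_t w)
{
    int32_t wrapped = (int32_t)((uint32_t)w * 3u); /* the int multiply wraps negative */
    return (uint64_t)(int64_t)wrapped;             /* the cast then sign-extends it */
}

/* Hardened form: reject negative widths and widen before multiplying, so the
 * product is computed in 64 bits and stays far below UINT64_MAX. */
static bool row_bytes_checked(int32_t w, uint64_t *out)
{
    if (w < 0)
        return false;
    *out = (uint64_t)w * 3u;
    return true;
}

/* Guard for advancing a pointer by nx * ny * wcount samples of sample_size
 * bytes, the shape of the PIZ and DWA entries above. The offset is computed
 * in 64 bits with overflow checks and only then compared with buf_len, the
 * caller-known byte length of the backing buffer (an assumption of this
 * example, not an OpenEXR API). */
static bool block_offset_ok(int32_t nx, int32_t ny, int32_t wcount,
                            size_t sample_size, size_t buf_len, uint64_t *offset_out)
{
    if (nx < 0 || ny < 0 || wcount < 0 || sample_size == 0)
        return false;
    uint64_t n = (uint64_t)nx * (uint64_t)ny;  /* at most 2^62: cannot overflow */
    if (wcount != 0 && n > UINT64_MAX / (uint64_t)wcount)
        return false;
    n *= (uint64_t)wcount;
    if (n > UINT64_MAX / sample_size)
        return false;
    uint64_t off = n * sample_size;
    if (off > buf_len)
        return false;
    *offset_out = off;
    return true;
}

/* Per-pixel sample totals kept in uint32_t wrap modulo 2^32 once the running
 * sum passes UINT32_MAX (the CompositeDeepScanLine entry). Accumulate against
 * an explicit bound instead; with limit == UINT32_MAX this is exact wrap detection. */
static bool add_sample_count_checked(uint32_t *total, uint32_t count, uint32_t limit)
{
    if (*total > limit || count > limit - *total)
        return false;  /* the sum would exceed limit, so it is refused rather than wrapped */
    *total += count;
    return true;
}

int main(void)
{
    int32_t w = 1000000000;  /* constructed width: w * 3 does not fit int32 */
    uint64_t safe = 0, off = 0;
    printf("unsafe sim: %llu\n", (unsigned long long)row_bytes_unsafe_sim(w));
    if (row_bytes_checked(w, &safe))
        printf("checked:    %llu\n", (unsigned long long)safe);
    printf("offset 65536x65536x1024x2 within 1 MiB: %s\n",
           block_offset_ok(65536, 65536, 1024, 2, (size_t)1 << 20, &off) ? "ok" : "rejected");
    uint32_t total = 0xFFFFFFF0u;  /* constructed running total near the wrap point */
    printf("add 0x20 to 0xFFFFFFF0: %s\n",
           add_sample_count_checked(&total, 0x20, UINT32_MAX) ? "ok" : "rejected");
    return 0;
}
```

The simulated unsafe value for a width of 1000000000 is 18446744072414584320, the sign-extension of the wrapped negative product, while the checked form yields 3000000000; a later allocation or pointer advance driven by the first number is exactly what the advisories above describe.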
CVE-2026-26981 | MEDIUM | CVSS 6.5 | CWE-195 | affected: >= 3.3.0, < 3.3.7; >= 3.4.0, < 3.4.5 | published 2026-02-24 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through
CVE-2025-64183 | MEDIUM | CVSS 5.5 | CWE-416 | affected: >= 3.2.0, < 3.2.5; >= 3.3.0, < 3.3.6; +1 more | published 2025-11-10 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp. The legacy adapter defines PyObject_StealAttrString
CVE-2025-64182 | MEDIUM | CVSS 5.5 | CWE-120 | affected: >= 3.2.0, < 3.2.5; >= 3.3.0, < 3.3.6; +1 more | published 2025-11-10 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allows crashes and likely co
CVE-2025-64181 | LOW | CVSS 2.0 | CWE-457 | affected: >= 3.3.0, < 3.3.6; >= 3.4.0, < 3.4.3 | published 2025-11-10 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a
CVE-2025-48074 | MEDIUM | CVSS 4.6 | CWE-770 | affected: >= 3.3.2, < 3.3.3 | published 2025-08-01 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is
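CVE-2026-34378 and CVE-2025-48074 above both come from trusting the dataWindow box in the file header: one lets the derived width overflow a signed int, the other lets an oversized window drive an oversized allocation. The C below is an added example, not OpenEXR's own code. It parses a 16-byte box2i as EXR stores it (four little-endian int32 values in the order xMin, yMin, xMax, yMax) and validates it in 64-bit arithmetic before any size is derived: max must not be below min, width and height must each fit an int32, and the pixel count must stay under a caller-chosen budget. The budget, the error strings and the function names are this example's assumptions, not OpenEXR settings.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { int32_t x_min, y_min, x_max, y_max; } box2i;

/* EXR stores a box2i attribute value as four little-endian int32 words in the
 * order xMin, yMin, xMax, yMax (16 bytes). */
static int32_t rd_le_i32(const uint8_t *p)
{
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    int32_t v;
    memcpy(&v, &u, sizeof v); /* reinterpret the two's-complement bit pattern */
    return v;
}

static box2i parse_box2i(const uint8_t raw[16])
{
    box2i b;
    b.x_min = rd_le_i32(raw + 0);
    b.y_min = rd_le_i32(raw + 4);
    b.x_max = rd_le_i32(raw + 8);
    b.y_max = rd_le_i32(raw + 12);
    return b;
}

/* Validate a dataWindow before deriving any size from it. All arithmetic is
 * done in 64 bits so the INT32_MIN/INT32_MAX corners cannot overflow; width
 * and height must each fit the int the decoders use; the pixel count is capped
 * by max_pixels, a policy knob of this example rather than an OpenEXR setting.
 * On rejection *why names the reason. */
static bool validate_data_window(const box2i *b, uint64_t max_pixels,
                                 uint64_t *pixels_out, const char **why)
{
    if (b->x_max < b->x_min || b->y_max < b->y_min) {
        *why = "max < min";
        return false;
    }
    uint64_t w = (uint64_t)((int64_t)b->x_max - (int64_t)b->x_min) + 1u;
    uint64_t h = (uint64_t)((int64_t)b->y_max - (int64_t)b->y_min) + 1u;
    if (w > (uint64_t)INT32_MAX || h > (uint64_t)INT32_MAX) {
        *why = "dimension does not fit int32";
        return false;
    }
    if (h > max_pixels || w > max_pixels / h) { /* overflow-free product check */
        *why = "pixel count exceeds budget";
        return false;
    }
    *pixels_out = w * h;
    *why = NULL;
    return true;
}

static void report(const char *label, const box2i *b, uint64_t budget)
{
    uint64_t px = 0;
    const char *why = NULL;
    if (validate_data_window(b, budget, &px, &why))
        printf("%-10s ok, %llu pixels\n", label, (unsigned long long)px);
    else
        printf("%-10s rejected: %s\n", label, why);
}

int main(void)
{
    const uint64_t budget = (uint64_t)1 << 31; /* constructed pixel budget */
    /* Constructed 16-byte box2i: (0,0)-(1919,1079), i.e. a 1920x1080 window. */
    const uint8_t raw[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0x7F, 0x07, 0, 0, 0x37, 0x04, 0, 0};
    box2i hd = parse_box2i(raw);
    box2i inverted = {0, 0, -1, 0};                /* max.x < min.x */
    box2i full = {INT32_MIN, 0, INT32_MAX, 0};     /* width 2^32: no int32 holds it */
    box2i huge = {0, 0, 99999, 99999};             /* 10^10 pixels: over budget */
    report("1080p", &hd, budget);
    report("inverted", &inverted, budget);
    report("int32-wide", &full, budget);
    report("huge", &huge, budget);
    return 0;
}
```

The order of the checks matters: the int32 fit test runs before the budget test so that a window spanning the whole int32 range is rejected for the right reason, and the product is bounded by division rather than computed and then compared.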
CVE-2025-48071 | HIGH | CVSS 8.4 | CWE-122 | affected: >= 3.3.0, < 3.3.3 | published 2025-07-31 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.2, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in
CVE-2025-48072 | MEDIUM | CVSS 6.8 | CWE-125 | affected: >= 3.3.2, < 3.3.3 | published 2025-07-31 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed
CVE-2025-48073 | MEDIUM | CVSS 4.6 | CWE-476 | affected: >= 3.3.2, < 3.3.3 | published 2025-07-31 | source: nvd
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This i