Debian Openexr vulnerabilities

72 known vulnerabilities affecting debian/openexr.

Total CVEs: 72
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 16, MEDIUM 40, LOW 15

Vulnerabilities

Page 1 of 4
CVE-2026-34544 | HIGH | CVSS 8.4 | 2026
CVE-2026-34544 [HIGH]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to
debian
CVE-2026-34588 | HIGH | CVSS 8.6 | 2026
CVE-2026-34588 [HIGH]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow
debian
CVE-2026-34545 | HIGH | CVSS 8.4 | 2026
CVE-2026-34545 [HIGH]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controlled data beyond the output heap buffer in any application that decod
debian
CVE-2026-34589 | HIGH | CVSS 8.4 | 2026
CVE-2026-34589 [HIGH]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder sto
debian
CVE-2026-34543 | HIGH | CVSS 8.7 | 2026
CVE-2026-34543 [HIGH]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). This occurs under default settings; simply reading a malicious EXR fi
debian
CVE-2026-34379 | HIGH | CVSS 7.1 | 2026
CVE-2026-34379 [HIGH]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file co
debian
CVE-2026-27622 | HIGH | CVSS 8.4 | fixed in openexr 3.4.6+ds-1 (forky) | 2026
CVE-2026-27622 [HIGH]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived f
debian
CVE-2026-34380 | MEDIUM | CVSS 5.9 | 2026
CVE-2026-34380 [MEDIUM]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl() in src/lib/OpenEXRCore/internal_pxr24.c at line 377. The expression (uint64_t)(w * 3) computes w * 3 as a signed 32-bit i
debian
CVE-2026-34378 | LOW | CVSS 6.5 | 2026
CVE-2026-34378 [MEDIUM]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to a large negati
debian
CVE-2026-26981 | LOW | CVSS 6.5 | 2026
CVE-2026-26981 [MEDIUM]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mappe
debian
CVE-2025-12840 | HIGH | CVSS 7.8 | fixed in openexr 3.4.6+ds-1 (forky) | 2025
CVE-2025-12840 [HIGH]: openexr - Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a
debian
CVE-2025-12839 | HIGH | CVSS 7.8 | fixed in openexr 3.4.6+ds-1 (forky) | 2025
CVE-2025-12839 [HIGH]: openexr - Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a
debian
CVE-2025-12495 | HIGH | CVSS 7.8 | fixed in openexr 3.4.6+ds-1 (forky) | 2025
CVE-2025-12495 [HIGH]: openexr - Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a
debian
CVE-2025-48074 | MEDIUM | CVSS 4.6 | fixed in openexr 3.4.6+ds-1 (forky) | 2025
CVE-2025-48074 [MEDIUM]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in versio
debian
CVE-2025-48071 | LOW | CVSS 8.4 | 2025
CVE-2025-48071 [HIGH]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
debian
CVE-2025-64182 | LOW | CVSS 5.5 | 2025
CVE-2025-64182 [MEDIUM]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter (the deprecated OpenEXR.InputFile wrapper) allows crashes and likely code execution wh
debian
CVE-2025-64183 | LOW | CVSS 5.5 | 2025
CVE-2025-64183 [MEDIUM]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp. The legacy adapter defines PyObject_StealAttrString that calls PyO
debian
CVE-2025-64181 | LOW | CVSS 2.0 | fixed in openexr 3.4.6+ds-1 (forky) | 2025
CVE-2025-64181 [LOW]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uniniti
debian
CVE-2025-48073 | LOW | CVSS 4.6 | 2025
CVE-2025-48073 [MEDIUM]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in vers
debian
CVE-2025-48072 | LOW | CVSS 6.8 | 2025
CVE-2025-48072 [MEDIUM]: openexr - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.
debian