CVE-2026-27622
EUVD-2026-934203.03.2026, 23:15
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openexr | openexr | 𝑥 < 3.2.6 |
| openexr | openexr | 3.3.0 ≤ 𝑥 < 3.3.8 |
| openexr | openexr | 3.4.0 ≤ 𝑥 < 3.4.6 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 0:3.1.10-8.el10_1.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:3.1.10-8.el10_0.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.2.0-12.el8_10.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 0:2.2.0-11.el8_2.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:2.2.0-12.el8_4.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:2.2.0-12.el8_4.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:2.2.0-12.el8_6.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:2.2.0-12.el8_6.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:2.2.0-12.el8_6.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:2.2.0-12.el8_8.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:2.2.0-12.el8_8.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9 | 0:3.1.1-3.el9_7.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:3.1.1-2.el9_0.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:3.1.1-2.el9_2.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:3.1.1-2.el9_4.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:3.1.1-3.el9_6.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat AI Inference Server 3.3 | 1778244559 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat AI Inference Server 3.3 | 1778244531 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat AI Inference Server 3.3 | 1778274666 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat AI Inference Server 3.3 | 1778244546 ≤ 𝑥 < * | ADP |
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| openexr |
| ||
| openexr-debuginfo |
| ||
| openexr-debugsource |
| ||
| openexr-devel |
| ||
| openexr-libs |
| ||
| openexr-libs-debuginfo |
|
Common Weakness Enumeration
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
- CWE-190 - Integer Overflow or WraparoundThe software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
References