CVE-2026-27622

EUVD-2026-9342
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32.  overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
openexropenexr
𝑥
< 3.2.6
openexropenexr
3.3.0 ≤
𝑥
< 3.3.8
openexropenexr
3.4.0 ≤
𝑥
< 3.4.6
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
Red HatRed Hat Enterprise Linux 10
0:3.1.10-8.el10_1.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support
0:3.1.10-8.el10_0.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8
0:2.2.0-12.el8_10.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support
0:2.2.0-11.el8_2.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:2.2.0-12.el8_4.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
0:2.2.0-12.el8_4.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
0:2.2.0-12.el8_6.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service
0:2.2.0-12.el8_6.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
0:2.2.0-12.el8_6.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service
0:2.2.0-12.el8_8.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions
0:2.2.0-12.el8_8.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9
0:3.1.1-3.el9_7.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
0:3.1.1-2.el9_0.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions
0:3.1.1-2.el9_2.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support
0:3.1.1-2.el9_4.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support
0:3.1.1-3.el9_6.1 ≤
𝑥
< *
ADP
Red HatRed Hat AI Inference Server 3.3
1778244559 ≤
𝑥
< *
ADP
Red HatRed Hat AI Inference Server 3.3
1778244531 ≤
𝑥
< *
ADP
Red HatRed Hat AI Inference Server 3.3
1778274666 ≤
𝑥
< *
ADP
Red HatRed Hat AI Inference Server 3.3
1778244546 ≤
𝑥
< *
ADP
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
OpenEXR-devel
RHEL 8
0:2.2.0-12.el8_10.1
fixed
OpenEXR-libs
RHEL 8
0:2.2.0-12.el8_10.1
fixed
openexr
RHEL 9
0:3.1.1-3.el9_7.1
fixed
openexr-devel
RHEL 9
0:3.1.1-3.el9_7.1
fixed
openexr-libs
RHEL 9
0:3.1.1-3.el9_7.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
openexr
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.7
fixed
openexr-debuginfo
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.7
fixed
openexr-debugsource
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.7
fixed
openexr-devel
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.7
fixed
openexr-libs
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.7
fixed
openexr-libs-debuginfo
Amazon Linux 2023
0:3.1.5-1.amzn2023.0.7
fixed