MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2026-26981

CVSS 6.5v3.1pub. 2026-02-24upd. 2026-02-25

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Openexr

    APP
    Openexr
    3.3.0 – 3.3.7 (bez)3.4.0 – 3.4.5 (bez)
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-5841CRITICAL9.1PL βœ“ten sam produkt

Heap-based buffer overflow w bibliotece OpenEXR przy parsowaniu deep scanline

CVE-2026-45696HIGH8.3ten sam produkt

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion ...

CVE-2026-41142HIGH8.8ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...

CVE-2026-42216HIGH8.8ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...

CVE-2026-40244HIGH8.4ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...

CVE-2026-26981 β€” Openexr β€” MEDIUM β€” CVSS 6.5 | CVEbaza.pl