CVE-2026-34544
OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 2nd |
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions from 3.4.0 up to, but not including, 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from an immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.
| CWE | CWE-190 CWE-787 |
| Vendor | academysoftwarefoundation |
| Product | openexr |
| Published | Apr 1, 2026 |
| Last Updated | Apr 2, 2026 |
Affected Versions
AcademySoftwareFoundation / openexr
>= 3.4.0, < 3.4.8
References
github.com: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v
github.com: https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee
github.com: https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8