CVE-2026-26981
Severity: MEDIUM
OpenEXR 3.3.0-3.3.6 / 3.4.0-3.4.4 - Memory Corruption
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.
References (3)
Vendor Advisory (x_refsource_confirm)
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c
Scores
CVSS v3
6.5
EPSS
0.0003
EPSS Percentile
6.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-195
Status
published
Products (2)
openexr/openexr
3.3.0 - 3.3.7
pypi/OpenEXR
3.3.0 - 3.3.7 (PyPI)
Published
Feb 24, 2026
Tracked Since
Feb 24, 2026