CVE-2026-34544
HIGH
OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Title source: cnaDescription
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.
Scores
CVSS v3: 7.3
EPSS: 0.0001
EPSS Percentile: 3.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-190, CWE-787
Status: published
Products (3)
AcademySoftwareFoundation/openexr: >= 3.4.0, < 3.4.8
openexr/openexr: 3.2.0 - 3.2.7
pypi/openexr: 3.4.0 - 3.4.8 (PyPI)
Published: Apr 01, 2026
Tracked Since: Apr 02, 2026