CVE-2026-34544

HIGH

OpenEXR: integer overflow to OOB write in uncompress_b44_impl()

Title source: cna

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 up to but not including 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from an immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.

Scores

CVSS v3 7.3
EPSS 0.0024
EPSS Percentile 15.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-190 CWE-787
Status published
Products (3)
AcademySoftwareFoundation/openexr >= 3.4.0, < 3.4.8
openexr/openexr 3.2.0 - 3.2.7
pypi/openexr 3.4.0 - 3.4.8
Published Apr 01, 2026
Tracked Since Apr 02, 2026