HIGH🇵🇱 Wersja polska

CVE-2026-41142

CVSS 8.8v3.1pub. 2026-05-07upd. 2026-06-30

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads to heap OOB write via OpenEXRUtil public API. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Openexr

    APP
    Openexr
    3.0.0 – 3.2.9 (bez)3.3.0 – 3.3.11 (bez)3.4.0 – 3.4.11 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-5841CRITICAL9.1PL ✓ten sam produkt

Heap-based buffer overflow w bibliotece OpenEXR przy parsowaniu deep scanline

CVE-2026-45696HIGH8.3ten sam produkt

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion ...

CVE-2026-42216HIGH8.8ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...

CVE-2026-40244HIGH8.4ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...

CVE-2026-40250HIGH8.4ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...