HIGH🇵🇱 Wersja polska

CVE-2026-42216

CVSS 8.8v4.0pub. 2026-05-07upd. 2026-06-30

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed representation. If the previous string is longer than 255 bytes, the next string is expected to begin with a 2-byte prefix length. The code reads stringList[i][0] and stringList[i][1] without checking that the current string has at least two bytes. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Openexr

    APP
    Openexr
    3.0.0 – 3.2.9 (bez)3.3.0 – 3.3.11 (bez)3.4.0 – 3.4.11 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-5841CRITICAL9.1PL ✓ten sam produkt

Heap-based buffer overflow w bibliotece OpenEXR przy parsowaniu deep scanline

CVE-2026-45696HIGH8.3ten sam produkt

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion ...

CVE-2026-41142HIGH8.8ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...

CVE-2026-40244HIGH8.4ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...

CVE-2026-40250HIGH8.4ten sam produkt

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma...