CVE-2026-34589 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to b…
High CVSS: 8.4

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
Vendor
-
Product
-
CWE
CWE-190
Yayın Tarihi
2026-04-06 16:16:36
Güncelleme
2026-04-07 13:20:11
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-190 HIGH 2026

Referanslar

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9 https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-p8xc-w3q4-h64x