CVE-2026-40250 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4…
High CVSS: 8.4

CVE-2026-40250

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1040` performs `chan->width * chan->bytes_per_element` in `int32` arithmetic without a `(size_t)` cast. This is the same overflow pattern fixed in other decoders by CVE-2026-34589/34588/34544, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses `internal_dwa_compressor.h:1040`.
Vendor
-
Product
-
CWE
CWE-190
Yayın Tarihi
2026-04-21 02:16:08
Güncelleme
2026-04-21 02:16:08
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-190 HIGH 2026

Referanslar

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10 https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m5qw-23x2-6phj