CVE-2026-26981

Summary

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the istream_nonparallel_read function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. A signed integer subtraction produces a negative value that is implicitly converted to size_t, resulting in a massive length being passed to memcpy. Versions 3.3.7 and 3.4.5 contain a patch.

Affected Software

VendorProductVersion RangeStatus
AcademySoftwareFoundationopenexr>= 3.3.0, < 3.3.7affected
AcademySoftwareFoundationopenexr>= 3.4.0, < 3.4.5affected

Weaknesses

  • CWE-195: CWE-195: Signed to Unsigned Conversion Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References