CVE-2026-40244
8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1722 performs curc->width * curc->height in int32 arithmetic without a (size_t) cast. This is the same overflow pattern fixed in other locations by the recent CVE-2026-34589 batch, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses internal_dwa_compressor.h:1722.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AcademySoftwareFoundation | openexr | >= 3.2.0, < 3.2.8 | affected |
| AcademySoftwareFoundation | openexr | >= 3.3.0, < 3.3.10 | affected |
| AcademySoftwareFoundation | openexr | >= 3.4.0, < 3.4.10 | affected |
Weaknesses
- CWE-190: CWE-190: Integer Overflow or Wraparound
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
OpenEXR: OpenEXR: Arbitrary code execution via integer overflow in EXR image processing
Additional References
- https://access.redhat.com/security/cve/CVE-2026-40244
- https://bugzilla.redhat.com/show_bug.cgi?id=2459955
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40244.json
References
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-j526-66f6-fxhx
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.