CVE-2026-40250
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1040 performs chan->width * chan->bytes_per_element in int32 arithmetic without a (size_t) cast. This is the same overflow pattern fixed in other decoders by CVE-2026-34589/34588/34544, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses internal_dwa_compressor.h:1040.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AcademySoftwareFoundation | openexr | >= 3.2.0, < 3.2.8 | affected |
| AcademySoftwareFoundation | openexr | >= 3.3.0, < 3.3.10 | affected |
| AcademySoftwareFoundation | openexr | >= 3.4.0, < 3.4.10 | affected |
Weaknesses
- CWE-190: CWE-190: Integer Overflow or Wraparound
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m5qw-23x2-6phj
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.