Moderate severityNVD Advisory· Published Feb 24, 2026· Updated Feb 24, 2026
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
CVE-2026-26981
Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the istream_nonparallel_read function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. A signed integer subtraction produces a negative value that is implicitly converted to size_t, resulting in a massive length being passed to memcpy. Versions 3.3.7 and 3.4.5 contain a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
OpenEXRPyPI | >= 3.3.0, < 3.3.7 | 3.3.7 |
OpenEXRPyPI | >= 3.4.0, < 3.4.5 | 3.4.5 |
Affected products
19- osv-coords18 versionspkg:apk/chainguard/openexrpkg:apk/chainguard/openexr-devpkg:apk/chainguard/openexr-docpkg:apk/chainguard/openexr-libiexpkg:apk/chainguard/openexr-libilmthreadpkg:apk/chainguard/openexr-libopenexrpkg:apk/chainguard/openexr-libopenexrcorepkg:apk/chainguard/openexr-libopenexrutilpkg:apk/wolfi/openexrpkg:apk/wolfi/openexr-devpkg:apk/wolfi/openexr-docpkg:apk/wolfi/openexr-libiexpkg:apk/wolfi/openexr-libilmthreadpkg:apk/wolfi/openexr-libopenexrpkg:apk/wolfi/openexr-libopenexrcorepkg:apk/wolfi/openexr-libopenexrutilpkg:pypi/openexrpkg:rpm/opensuse/openexr&distro=openSUSE%20Tumbleweed
< 3.4.5-r0+ 17 more
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: < 3.4.5-r0
- (no CPE)range: >= 3.3.0, < 3.3.7
- (no CPE)range: < 3.4.5-1.1
- AcademySoftwareFoundation/openexrv5Range: >= 3.3.0, < 3.3.7
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-q6vj-wxvf-5m8cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-26981ghsaADVISORY
- github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cefghsax_refsource_MISCWEB
- github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8ghsax_refsource_MISCWEB
- github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8cghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.