OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write
Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel sample totals are accumulated in the vector total_sizes; given attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from the wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup and consumption proceed with the true sample counts, so the write operations in the core unpack routine (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
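The mechanism in the description, a 32-bit running total that wraps when several parts each contribute a large per-pixel sample count, is shown below in a small self-contained C++ model. This is an added illustration, not OpenEXR's code: the function names (unchecked_total, checked_total, samples_past_buffer) and the per-part sample counts are constructed for the example, and it only compares the wrapped size against the true size rather than touching any buffer. The checked variant accumulates in 64 bits and refuses a total that would not fit, which is the class of fix a reader would look for in the patched releases.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Constructed per-part sample counts for one pixel position (hypothetical
// values chosen so the 32-bit sum wraps; not taken from any real EXR file).
static const std::vector<uint32_t> kPartCounts = {
    4000000000u, // part 0
    300000000u,  // part 1
    5u,          // part 2
};

// Unchecked accumulation mirroring the defect class: the per-pixel total is a
// 32-bit counter, so the sum of the parts' counts silently wraps modulo 2^32.
uint32_t unchecked_total(const std::vector<uint32_t>& counts) {
    uint32_t total = 0;
    for (uint32_t c : counts) total += c; // wraps for the constructed input
    return total;
}

// True total computed in 64 bits, i.e. the number of samples a decoder that
// walks the parts' own counts will actually write.
uint64_t true_total(const std::vector<uint32_t>& counts) {
    uint64_t total = 0;
    for (uint32_t c : counts) total += c;
    return total;
}

// Checked accumulation: sum in 64 bits and reject any total that exceeds the
// caller's sanity limit or cannot be represented in the 32-bit counter.
// Returns the total, or -1 when the input must be refused.
int64_t checked_total(const std::vector<uint32_t>& counts, uint64_t limit) {
    uint64_t total = 0;
    for (uint32_t c : counts) {
        total += c; // cannot overflow: at most 2^32 terms of < 2^32 each fit in 64 bits
        if (total > limit || total > std::numeric_limits<uint32_t>::max()) return -1;
    }
    return static_cast<int64_t>(total);
}

// Models the consequence of the defect: a buffer sized from the wrapped total
// while the decoder writes the true number of samples. Returns how many
// samples would land past the end of that buffer (0 means the sizes agree).
uint64_t samples_past_buffer(const std::vector<uint32_t>& counts) {
    uint64_t buffer_size = unchecked_total(counts);
    uint64_t written = true_total(counts);
    return written > buffer_size ? written - buffer_size : 0;
}

int main() {
    std::printf("wrapped total : %u\n", unchecked_total(kPartCounts));
    std::printf("true total    : %llu\n",
                static_cast<unsigned long long>(true_total(kPartCounts)));
    std::printf("past buffer   : %llu\n",
                static_cast<unsigned long long>(samples_past_buffer(kPartCounts)));
    std::printf("checked total : %lld (negative = rejected)\n",
                static_cast<long long>(
                    checked_total(kPartCounts, std::numeric_limits<uint32_t>::max())));
    return 0;
}
```

For the constructed input the wrapped counter comes out at 5,032,709 while the decoder would write 4,300,000,005 samples, so 2^32 samples fall past the end of a buffer sized from the wrapped value; the checked variant rejects the same input outright, and a realistic limit (such as a maximum sample count derived from the image dimensions) would reject it far earlier than the 32-bit ceiling.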
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| OpenEXR (PyPI) | >= 2.3.0, < 3.2.6 | 3.2.6 |
| OpenEXR (PyPI) | >= 3.3.0, < 3.3.8 | 3.3.8 |
| OpenEXR (PyPI) | >= 3.4.0, < 3.4.6 | 3.4.6 |
Affected products
No CPE identifiers are assigned to the package entries below.
- pkg:pypi/openexr: >= 2.3.0, < 3.2.6
- pkg:rpm/almalinux/openexr: < 3.1.10-8.el10_1.1
- pkg:rpm/almalinux/openexr-devel: < 3.1.10-8.el10_1.1
- pkg:rpm/almalinux/OpenEXR-devel: < 2.2.0-12.el8_10.1
- pkg:rpm/almalinux/openexr-libs: < 3.1.10-8.el10_1.1
- pkg:rpm/almalinux/OpenEXR-libs: < 2.2.0-12.el8_10.1
- pkg:rpm/opensuse/openexr (distro=openSUSE Leap 16.0): < 3.2.2-160000.5.1
- pkg:rpm/opensuse/openexr (distro=openSUSE Tumbleweed): < 3.4.6-1.1
- pkg:rpm/suse/openexr (distro=SUSE Linux Enterprise Server 16.0): < 3.2.2-160000.5.1
- pkg:rpm/suse/openexr (distro=SUSE Linux Enterprise Server for SAP applications 16.0): < 3.2.2-160000.5.1
- AcademySoftwareFoundation/openexr (GitHub): >= 2.3.0, < 3.2.6
References
- github.com/advisories/GHSA-cr4v-6jm6-4963 (GHSA, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-27622 (GHSA, ADVISORY)
- github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963 (GHSA, x_refsource_CONFIRM, WEB)