CVE-2026-34544

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.

Vulnerability Details

Published Date

April 01, 2026

Last Modified

April 07, 2026

CWE ID

CWE-190

Source

NVD

Vendor

AcademySoftwareFoundation

Product

openexr

External References

https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v

CVE-2026-34544

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment