CVE-2026-34378
Last modified
CVE-2026-34378 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to a large negative value, OpenEXRCore computes an enormous image width, which is later used in a signed integer multiplication that overflows, causing the process to terminate with SIGILL via UBSan. This vulnerability is fixed in 3.4.9.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openexr | Openexr | >= 3.4.0, < 3.4.9 |
References
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9Product, Release Notes
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4gExploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-34378?
How severe is CVE-2026-34378?
How do I fix CVE-2026-34378?
Are you affected by CVE-2026-34378?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST