CVE-2026-26981

Exploit

EPSS 0.03%
Veröffentlicht 24.02.2026 02:26:16
Zuletzt bearbeitet 25.02.2026 17:30:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openexr ≫ Openexr Version >= 3.3.0 < 3.3.7

Openexr ≫ Openexr Version >= 3.4.0 < 3.4.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.068

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-195 Signed to Unsigned Conversion Error

The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c

Vendor Advisory

Exploit

https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef

Patch

https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-26981

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26981

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26981

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26981