Platform
c
Component
openexr
Fixed in
3.2.7
3.3.9
3.4.9
CVE-2026-34379 is a memory corruption vulnerability in OpenEXR, the library for reading and writing EXR image files. The flaw is a misaligned memory write in the LossyDctDecoder_execute() function while decoding DWA-family (DWAA or DWAB) compressed EXR files that contain FLOAT-type channels. Affected versions are OpenEXR 3.2.0 through 3.4.8. Fixes are available in 3.2.7, 3.3.9 and 3.4.9, one per maintained branch.
An attacker exploits this by crafting an EXR file that combines DWAA or DWAB compression with a FLOAT channel and getting a vulnerable OpenEXR to decode it. A misaligned write is undefined behaviour in C and C++: on CPUs that enforce alignment it traps (SIGBUS) and the decoder crashes, giving denial of service; on x86, where unaligned stores normally succeed, the effect depends on which bytes the write actually touches, which is why the advisory rates the outcome as anywhere from a crash to potential arbitrary code execution, subject to the platform's memory protections. The exposure is greatest where EXR files are decoded automatically and without human review, such as image processing pipelines and render farms, where a single malicious file can reach every worker that processes it; successful exploitation would compromise the host doing the decoding.
The vulnerability was publicly disclosed on 2026-04-06. There is currently no indication of active exploitation and no CISA KEV listing. No public proof-of-concept is available yet; memory corruption bugs of this kind do become exploitable once a reliable technique is found, so the absence of a PoC should not be read as low risk. The CVSS score of 7.1 (HIGH) reflects the potential impact.
Motion picture production studios and post-production houses that rely on OpenEXR for image processing are most directly at risk. Automated image processing pipelines, especially those that accept user-uploaded EXR files, are equally exposed. Any environment running an unpatched OpenEXR in the affected range is potentially affected, including applications that bundle their own copy of the library.
• linux / server:
journalctl -t systemd-coredump -f
coredumpctl info <name-of-process-that-links-OpenEXR>
A decoder crash appears as a core dump of the process that links OpenEXR; read the reported signal and stack from coredumpctl, since the journal message itself does not contain a string like "memory access violation".
• c: (requires debugging tools and memory analysis)
Examine core dumps or crash reports for frames inside LossyDctDecoder_execute(), for example with gdb and bt. For a deterministic check, build OpenEXR with -fsanitize=undefined (which includes the alignment sanitizer) and decode the suspect file; UBSan reports the misaligned store with file and line. Stepping through the code in GDB on x86 will not reliably show the bug, because unaligned stores do not fault there.
• generic web:
Web server access logs only record that an .exr file was uploaded (path, size, content type); the compression method and channel types live in the file header. Log those header fields from the service that handles uploads, or run a header pre-filter before decoding, and alert on DWAA/DWAB files that declare FLOAT channels arriving from untrusted sources.
Disclosure: 2026-04-06
Exploit status: no known exploitation
EPSS: 0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-34379 is to upgrade to the fixed release of your OpenEXR branch: 3.2.7, 3.3.9 or 3.4.9 or later. If upgrading is not immediately feasible, add input validation in front of the decoder: parse the EXR header and reject files that combine DWAA or DWAB compression with a FLOAT channel, or decode untrusted files in an isolated, unprivileged worker. A WAF or proxy can block .exr uploads wholesale by extension or magic bytes, but it cannot realistically inspect the compression and channel attributes inside the header, so the header check belongs in the application. No Sigma or YARA rule is available for this issue; the practical detection is to build the decoder with -fsanitize=undefined and run it over suspect files, which reports the misaligned write directly. After upgrading, confirm the fix by decoding a known-bad file under the sanitizer if one is available, and by regression testing your image processing workflows.
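To make the header-level input validation above concrete, here is an added Python example; it is not code from the OpenEXR project or from the advisory. It parses only the EXR header of an untrusted file and flags files that combine DWAA or DWAB compression (compression attribute values 8 and 9) with a FLOAT channel (chlist pixel type 2), bounds-checking every length before it slices. The sample header bytes are constructed inline for the demonstration and carry no pixel data; the layout follows the public OpenEXR file format (magic 76 2f 31 01, version word, null-terminated name/type attributes with a little-endian int32 size, headers terminated by an empty name).

```python
"""Header-level pre-filter for untrusted EXR uploads (added example, not OpenEXR code).

Reads only the EXR header(s) and reports whether any part combines DWAA/DWAB
compression with a FLOAT channel, the combination the advisory describes.
"""
import struct

EXR_MAGIC = b"\x76\x2f\x31\x01"
MULTIPART_FLAG = 1 << 12                    # version word bit 12: multi-part file
COMPRESSION_DWAA, COMPRESSION_DWAB = 8, 9   # 'compression' attribute values
PIXEL_TYPE_FLOAT = 2                        # chlist pixel types: 0 UINT, 1 HALF, 2 FLOAT


class ExrFormatError(ValueError):
    """Raised for truncated or malformed headers; callers should reject such files too."""


def _read_cstring(buf, pos):
    end = buf.find(b"\x00", pos)
    if end < 0:
        raise ExrFormatError("unterminated string in header")
    return buf[pos:end].decode("ascii", "replace"), end + 1


def parse_header(buf, pos):
    """Parse one header (name, type, int32 size, value, ..., 0x00) starting at pos."""
    attrs = {}
    while True:
        if pos >= len(buf):
            raise ExrFormatError("truncated header")
        if buf[pos] == 0:                   # empty attribute name ends the header
            return attrs, pos + 1
        name, pos = _read_cstring(buf, pos)
        atype, pos = _read_cstring(buf, pos)
        if pos + 4 > len(buf):
            raise ExrFormatError("truncated attribute size")
        size = struct.unpack_from("<i", buf, pos)[0]
        pos += 4
        if size < 0 or pos + size > len(buf):   # bounds check before slicing
            raise ExrFormatError(f"bad size for attribute {name!r}")
        attrs[name] = (atype, buf[pos:pos + size])
        pos += size


def parse_chlist(value):
    """Decode a chlist value into [(channel_name, pixel_type), ...]."""
    channels, pos = [], 0
    while pos < len(value) and value[pos] != 0:
        name, pos = _read_cstring(value, pos)
        if pos + 16 > len(value):
            raise ExrFormatError("truncated channel entry")
        pixel_type = struct.unpack_from("<i", value, pos)[0]
        pos += 16   # int32 type, uint8 pLinear, 3 reserved, int32 xSampling, int32 ySampling
        channels.append((name, pixel_type))
    return channels


def uses_dwa_float(buf):
    """True if any part of the file is DWAA/DWAB-compressed and declares a FLOAT channel."""
    if len(buf) < 8 or buf[:4] != EXR_MAGIC:
        raise ExrFormatError("not an EXR file")
    version = struct.unpack_from("<i", buf, 4)[0]
    pos = 8
    while True:
        attrs, pos = parse_header(buf, pos)
        comp, chl = attrs.get("compression"), attrs.get("channels")
        if comp is None or chl is None or len(comp[1]) != 1:
            raise ExrFormatError("header lacks a valid compression or channels attribute")
        if comp[1][0] in (COMPRESSION_DWAA, COMPRESSION_DWAB) and any(
                pt == PIXEL_TYPE_FLOAT for _, pt in parse_chlist(chl[1])):
            return True
        # single-part files have one header; a multi-part header list ends with an empty header
        if not (version & MULTIPART_FLAG) or pos >= len(buf) or buf[pos] == 0:
            return False


# --- constructed sample headers (no pixel data), for demonstration only ---
def _attr(name, atype, value):
    return name.encode() + b"\x00" + atype.encode() + b"\x00" + struct.pack("<i", len(value)) + value


def _chlist(channels):
    body = b"".join(n.encode() + b"\x00" + struct.pack("<iB3xii", pt, 0, 1, 1) for n, pt in channels)
    return body + b"\x00"


def build_sample(compression, channels):
    """Minimal single-part EXR header with the given compression and channel list."""
    return (EXR_MAGIC + struct.pack("<i", 2)
            + _attr("channels", "chlist", _chlist(channels))
            + _attr("compression", "compression", bytes([compression]))
            + b"\x00")


if __name__ == "__main__":
    risky = build_sample(COMPRESSION_DWAA, [("R", PIXEL_TYPE_FLOAT), ("G", PIXEL_TYPE_FLOAT)])
    safe = build_sample(COMPRESSION_DWAB, [("R", 1), ("G", 1)])   # HALF channels
    print("reject:", uses_dwa_float(risky), " accept:", not uses_dwa_float(safe))
```

Treat a raised ExrFormatError as a rejection as well: a header the pre-filter cannot parse is not one you want to hand to the real decoder. The filter is a stopgap for unpatched hosts only; files that pass it still reach every other code path in OpenEXR, so the upgrade remains the actual fix.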
Update the OpenEXR library to version 3.2.7 or later, 3.3.9 or later, or 3.4.9 or later to remediate the vulnerability. The update corrects the misaligned write in the LossyDctDecoder_execute function, removing the undefined behaviour and the crashes it can cause.
CVE-2026-34379 is a HIGH severity (CVSS 7.1) memory corruption vulnerability in OpenEXR versions 3.2.0 through 3.4.8 that can lead to a crash and potentially code execution when a malformed DWAA/DWAB-compressed EXR file with FLOAT channels is decoded.
You are affected if you run OpenEXR 3.2.0 through 3.4.8, whether as a system library or as a copy bundled inside an application. Check the installed version and upgrade if necessary.
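The version check can be scripted. The following is an added Python example, not part of the advisory or of the OpenEXR project; it encodes the affected range and per-branch fixes stated on this page (3.2.0 through 3.4.8; fixed in 3.2.7, 3.3.9 and 3.4.9) and asks pkg-config for the installed library version, relying on the OpenEXR.pc file that OpenEXR 3.x installs. Applications that bundle their own OpenEXR are invisible to pkg-config and have to be checked separately.

```python
"""Is the installed OpenEXR in the range affected by CVE-2026-34379? (added example)"""
import re
import subprocess

# Affected range and per-branch fixed releases, as stated in the advisory text.
FIRST_AFFECTED = (3, 2, 0)
FIXED_IN = {(3, 2): (3, 2, 7), (3, 3): (3, 3, 9), (3, 4): (3, 4, 9)}


def parse_version(text):
    """Turn 'MAJOR.MINOR.PATCH' (possibly with a suffix) into a comparable tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True for 3.2.0 .. 3.4.8 below the branch's fixed release; False otherwise.

    Versions before 3.2.0 and branches newer than 3.4 are outside the advisory's
    affected range and are reported as not affected.
    """
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    if v < FIRST_AFFECTED:
        return False
    fixed = FIXED_IN.get(v[:2])
    return fixed is not None and v < fixed


def installed_version():
    """Ask pkg-config for the system OpenEXR version (OpenEXR 3.x installs OpenEXR.pc)."""
    out = subprocess.run(["pkg-config", "--modversion", "OpenEXR"],
                         capture_output=True, text=True, check=True).stdout
    return out.strip()


if __name__ == "__main__":
    try:
        v = installed_version()
    except (FileNotFoundError, subprocess.CalledProcessError):
        raise SystemExit("pkg-config could not report OpenEXR; query your package manager instead")
    status = "AFFECTED" if is_affected(v) else "not affected"
    print(f"OpenEXR {v}: {status} by CVE-2026-34379")
```

Run it on each render node or build image; for containers, run it inside the image rather than on the host, since the library version that matters is the one the decoding process actually links.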
Upgrade to the fixed release of your branch, OpenEXR 3.2.7, 3.3.9 or 3.4.9 or later, to resolve this vulnerability. If an immediate upgrade is not possible, validate EXR headers before decoding and reject DWAA/DWAB files that declare FLOAT channels.
There are currently no confirmed reports of active exploitation, but the CVSS 7.1 rating and the memory corruption nature of the bug warrant prompt patching.
Refer to the OpenEXR project's security advisories and release notes for the latest information: [https://www.openexr.org/](https://www.openexr.org/)