
CVE-2026-34380: OpenEXR Integer Overflow (3.2.0-3.4.9)

Platform: c

Component: openexr

Fixed in: 3.2.7

CVE-2026-34380 describes an Integer Overflow vulnerability in the OpenEXR library, the specification and reference implementation of the EXR image file format used in the motion picture industry. The overflow occurs in the undo_pxr24_impl() function; because signed overflow is undefined behavior, the value wraps around in two's complement in practice, with potential security implications. The vulnerability affects versions 3.2.0 through 3.4.8, and a patch is available in version 3.2.7.

How to fix

Upgrade the OpenEXR library to version 3.2.7 or later, 3.3.9 or later, or 3.4.9 or later to mitigate the risk of a signed integer overflow that could allow bounds checks to be bypassed during PXR24 decompression.

Frequently asked questions

What is CVE-2026-34380?

CVE-2026-34380 is a MEDIUM severity Integer Overflow vulnerability in OpenEXR. It arises from an unchecked multiplication that can lead to undefined behavior when processing image data, specifically within the undo_pxr24_impl() function.
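The description and the FAQ answer above both come down to one pattern: a size product that wraps before it is compared with a buffer capacity, so an oversized image passes the check. The following is an added illustration written for this page, not OpenEXR code; the function names, the width * height * bytes-per-pixel layout and the constructed header values are assumptions, since the actual computation inside undo_pxr24_impl() is not shown here. It requires GCC or Clang for __builtin_mul_overflow.

```c
/* Added illustration, not OpenEXR code. pxr24_fits_unchecked() models a size
 * check defeated by a wrapped 32-bit product; pxr24_fits_checked() is the
 * overflow-checked form. Names and the width*height*bpp layout are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flawed pattern: the product is formed in 32 bits and wraps (two's complement)
 * before the comparison, so a huge image can look small enough to fit. The wrap
 * is done in uint32_t here so the example itself has no undefined behaviour
 * while still reproducing the wrapped value a real signed overflow yields. */
int pxr24_fits_unchecked(int32_t width, int32_t height, int32_t bpp, size_t out_capacity)
{
    uint32_t wrapped = (uint32_t)width * (uint32_t)height * (uint32_t)bpp;
    int32_t needed = (int32_t)wrapped;          /* may be tiny or negative */
    return needed >= 0 && (size_t)needed <= out_capacity;
}

/* Hardened form: reject non-positive dimensions, check every multiplication,
 * and compare the true (unwrapped) size against the capacity. */
int pxr24_fits_checked(int32_t width, int32_t height, int32_t bpp, size_t out_capacity)
{
    int64_t area, needed;
    if (width <= 0 || height <= 0 || bpp <= 0) return 0;
    if (__builtin_mul_overflow((int64_t)width, (int64_t)height, &area)) return 0;
    if (__builtin_mul_overflow(area, (int64_t)bpp, &needed)) return 0;
    return (uint64_t)needed <= out_capacity;
}

int main(void)
{
    /* Constructed header values: 65536 x 65536 pixels at 4 bytes per pixel
     * really needs 2^34 bytes, but the 32-bit product wraps to 0. */
    size_t capacity = (size_t)1 << 20;
    printf("unchecked: %d\n", pxr24_fits_unchecked(65536, 65536, 4, capacity)); /* 1: check bypassed */
    printf("checked:   %d\n", pxr24_fits_checked(65536, 65536, 4, capacity));   /* 0: rejected */
    return 0;
}
```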

Am I affected by this vulnerability?

You are potentially affected if you are using OpenEXR versions 3.2.0 through 3.4.8 (in the 3.4 series: >= 3.4.0 and < 3.4.9). If you are using a version within this range, you should upgrade to mitigate the risk.

How do I fix this vulnerability?

The vulnerability is fixed in OpenEXR version 3.2.7. Upgrade to this version or a later version to address the Integer Overflow and ensure the stability and security of your system.
