Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.
Published: 2026-04-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Out‑of‑Bounds Write
Action: Apply Patch
AI Analysis

Impact

OpenEXR versions 3.4.0 through 3.4.7 allow a crafted B44 or B44A EXR file to trigger an integer overflow during decompression, resulting in an out‑of‑bounds write in any application that decodes the file. This flaw can cause the application to crash or corrupt adjacent heap allocations, potentially leading to data loss or denial of service.

Affected Systems

The vulnerability affects the AcademySoftwareFoundation OpenEXR library, specifically all releases prior to 3.4.8. Any program that uses exr_decoding_run to load B44 or B44A images from external sources is at risk.

Risk and Exploitability

The CVSS score of 8.4 signals a high severity flaw, while the EPSS probability is under 1% and it is not listed in the KEV catalog. The likely attack vector is an attacker supplying a malicious EXR file to a vulnerable application; the exploit requires the file to be processed, so it can be considered a file‑based local or remote vulnerability depending on the application’s context.

Generated by OpenCVE AI on April 7, 2026 at 21:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the OpenEXR library to version 3.4.8 or later.
  • Confirm that all applications using EXR decoding have been rebuilt against the updated library.

Generated by OpenCVE AI on April 7, 2026 at 21:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-h762-rhv3-h25v OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
History

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Openexr
Openexr openexr
CPEs cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*
Vendors & Products Openexr
Openexr openexr
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

 cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Academysoftwarefoundation
Academysoftwarefoundation openexr
Vendors & Products Academysoftwarefoundation
Academysoftwarefoundation openexr
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

threat_severity

Moderate

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.
Title OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Weaknesses CWE-190
CWE-787
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Academysoftwarefoundation Openexr
Openexr Openexr
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-02T18:02:56.427Z

Reserved: 2026-03-30T16:31:39.264Z

Link: CVE-2026-34544

cve-icon Vulnrichment

Updated: 2026-04-02T18:02:50.893Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T21:17:01.480

Modified: 2026-04-07T20:13:31.237

Link: CVE-2026-34544

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-01T20:55:30Z

Links: CVE-2026-34544 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:56:49Z

Weaknesses