openexr — Vulnerabilities & Security Advisories 48

All 48 CVE vulnerabilities found in openexr, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known vulnerabilities and weaknesses associated with OpenEXR, an open-source high dynamic range image file format developed by Industrial Light & Magic. It serves as a centralized resource for tracking security issues affecting this specific image processing library and its related components. The content on this page collects a comprehensive range of vulnerabilities, including buffer overflows, integer overflows, use-after-free errors, and improper input validation flaws that have been reported for OpenEXR. The time range covered spans from the earliest recorded disclosures up to the most recent updates, ensuring that both legacy issues and newly discovered problems are accessible for review. This historical perspective allows users to assess the long-term security posture of the software across different versions and releases. Here, you can discover critical details about how the vendor addresses security concerns and issues advisories. You can also deepen your understanding of specific weakness classes, such as those defined in the Common Weakness Enumeration, to better comprehend the nature of the flaws. Additionally, the page provides a clear view of a product’s vulnerability history, enabling developers and security analysts to trace the evolution of security patches, identify recurring patterns in bugs, and make informed decisions about system updates and mitigation strategies without needing to search through disparate sources.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42217 | OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`) | CWE-190 | 8.1 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-42216 | OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion | CWE-125 | 9.1 (AI) | Critical (AI) | 2026-05-07 |
| CVE-2026-41142 | OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API | CWE-190 | 8.8 | High | 2026-05-07 |
| CVE-2026-40250 | OpenEXR has integer overflow in DWA decoder outBufferEnd pointer arithmetic (missed variant of CVE-2026-34589) | CWE-190 | 8.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-40244 | OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589) | CWE-190 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-39886 | OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl() | CWE-190 | 5.3 | Medium | 2026-04-21 |
| CVE-2026-34589 | OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write | CWE-190 | 9.1 | - | 2026-04-06 |
| CVE-2026-34588 | OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write | CWE-125 | 6.8 | - | 2026-04-06 |
| CVE-2026-34380 | OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression | CWE-190 | 5.9 | Medium | 2026-04-06 |
| CVE-2026-34379 | OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression) | CWE-704 | 7.1 | High | 2026-04-06 |
| CVE-2026-34378 | OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x | CWE-190 | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34543 | OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl) | CWE-908 | 5.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-34544 | OpenEXR: integer overflow to OOB write in uncompress_b44_impl() | CWE-190 | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-34545 | OpenEXR: integer overflow lead to OOB in HTJ2K decoder | CWE-122 | 9.6 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-27622 | OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write | CWE-787 | 7.7 (AI) | High (AI) | 2026-03-03 |
| CVE-2026-26981 | OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp | CWE-195 | 6.5 | Medium | 2026-02-24 |
| CVE-2025-12840 | Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | CWE-122 | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-12839 | Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | CWE-122 | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-12495 | Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | CWE-122 | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-64183 | OpenEXR has use after free in PyObject_StealAttrString | CWE-416 | 9.1 | - | 2025-11-10 |
| CVE-2025-64182 | OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel() | CWE-120 | 7.8 | - | 2025-11-10 |
| CVE-2025-64181 | OpenEXR Makes Use of Uninitialized Memory | CWE-457 | 9.1 | - | 2025-11-10 |
| CVE-2025-48074 | OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors | CWE-770 | 6.5 | - | 2025-08-01 |
| CVE-2025-48073 | OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode | CWE-476 | 7.5 (AI) | High (AI) | 2025-07-31 |
| CVE-2025-48072 | OpenEXR's Inaccurate Pointer Arithmetic can Cause an Out of Bounds Heap | CWE-125 | 7.8 (AI) | High (AI) | 2025-07-31 |
| CVE-2025-48071 | OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing | CWE-122 | 7.8 (AI) | High (AI) | 2025-07-31 |
| CVE-2023-5841 | OpenEXR Heap Overflow in Scanline Deep Data Parsing | CWE-122 | 8.8 | - | 2024-02-01 |
| CVE-2021-20298 | ILM OpenEXR buffer error vulnerability | CWE-400 | 7.5 | - | 2022-08-23 |
| CVE-2021-20304 | ILM OpenEXR input validation error vulnerability | CWE-190 | 6.5 | - | 2022-08-23 |
| CVE-2021-3941 | ILM OpenEXR numeric error vulnerability | CWE-369 | 6.2 | - | 2022-03-25 |
