CVE-2026-34545
DOCUMENTATION: A flaw was found in OpenEXR, an image storage format for the motion picture industry. An attacker can exploit this vulnerability by providing a specially crafted .exr file with HTJ2K compression and a specific channel width. This allows controlled data to be written beyond the output heap buffer, leading to a heap write overflow. This issue can ultimately result in remote code execution on systems that decode these malicious EXR images.
STATEMENT: This is an Important vulnerability in OpenEXR that could lead to remote code execution. The flaw occurs when processing a specially crafted EXR image file with HTJ2K compression and a specific channel width, resulting in a heap write overflow. Red Hat products that utilize OpenEXR for image decoding are affected if they process untrusted EXR files.
MITIGATION: Restrict the processing of untrusted OpenEXR image files. Systems should be configured to only decode .exr files from known and trusted sources to prevent exploitation of the heap write overflow vulnerability. This operational control limits exposure to malicious input.
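One way to enforce that operational control in a pipeline, added here as an example (not Red Hat's or the OpenEXR project's code): a pre-decode gate that parses the first OpenEXR header and refuses files whose compression attribute is HTJ2K, so untrusted input never reaches the affected decoder path. It assumes the value 10 for HTJ2K_COMPRESSION as defined in OpenEXR 3.4's ImfCompression.h, and exercises itself on constructed minimal headers.

```python
import struct

EXR_MAGIC = b"\x76\x2f\x31\x01"
# Assumption: compression enum values as in OpenEXR 3.4's ImfCompression.h,
# where HTJ2K_COMPRESSION == 10. Verify against the deployed OpenEXR headers.
HTJ2K_COMPRESSION = 10
MULTIPART_FLAG = 0x1000  # version-word flag: file carries several headers

def _read_cstring(buf, pos):
    end = buf.index(b"\x00", pos)
    return buf[pos:end].decode("ascii"), end + 1

def parse_exr_header(data):
    """Parse the first header of an OpenEXR file into {name: (type, raw bytes)}."""
    if data[:4] != EXR_MAGIC:
        raise ValueError("not an OpenEXR file")
    pos = 8  # 4-byte magic + 4-byte version/flags word
    attrs = {}
    while data[pos:pos + 1] != b"\x00":  # empty name terminates the header
        name, pos = _read_cstring(data, pos)
        atype, pos = _read_cstring(data, pos)
        (size,) = struct.unpack_from("<i", data, pos)
        pos += 4
        if size < 0 or pos + size > len(data):
            raise ValueError("truncated attribute %r" % name)
        attrs[name] = (atype, data[pos:pos + size])
        pos += size
    return attrs

def exr_compression(data):
    """Return the compression enum value stored in the first header."""
    atype, value = parse_exr_header(data).get("compression", (None, b""))
    if atype != "compression" or len(value) != 1:
        raise ValueError("missing or malformed compression attribute")
    return value[0]

def is_safe_to_decode(data):
    """Gate for untrusted input: reject HTJ2K files, multipart files (whose later
    headers are not inspected here) and anything the parser cannot read."""
    try:
        (version,) = struct.unpack_from("<I", data, 4)
        if version & MULTIPART_FLAG:
            return False
        return exr_compression(data) != HTJ2K_COMPRESSION
    except (ValueError, IndexError, struct.error):
        return False  # fail closed on malformed headers

def make_header(compression, flags=0):
    """Constructed minimal EXR header carrying only a compression attribute."""
    attr = b"compression\x00compression\x00" + struct.pack("<i", 1) + bytes([compression])
    return EXR_MAGIC + struct.pack("<I", 2 | flags) + attr + b"\x00"
```

A real file also carries channels, dataWindow and other required attributes; the gate only needs the compression attribute, so it runs on the header bytes before any decoder is invoked.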
References
https://access.redhat.com/security/cve/CVE-2026-34545
