CVE
CVE-2026-34588
OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file (important)
DOCUMENTATION: A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundo_piz() function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow for arbitrary code execution or sensitive information disclosure.
MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
8.6
-
4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
-
C
H
U
-
Related Resources
No items found.
References
https://access.redhat.com/security/cve/CVE-2026-34588
Basic Information
Ecosystem
