Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2026-34588 | Affected versions of the OpenEXR package are vulnerable to Out-of-bounds Read and Write due to a signed 32-bit integer overflow in the PIZ decoder’s wavelet buffer pointer advancement within internal_… | High | – | – | >=3.1.0,<3.2.7 >=3.3.0,<3.3.9 >=3.4.0,<3.4.9 |
| CVE-2026-34589 | Affected versions of the OpenEXR package are vulnerable to Out-of-bounds Write due to a signed 32-bit integer overflow in the DWA lossy decoder’s per-component block pointer construction within intern… | High | – | – | >=3.2.0,<3.2.7 >=3.3.0,<3.3.9 >=3.4.0,<3.4.9 |
| CVE-2026-34543 | Affected versions of the openexr package are vulnerable to Information Disclosure due to the undo_pxr24_impl() function in internal_pxr24.c ignoring the actual decompressed size returned by exr_uncomp… | High | – | – | >=3.2.0,<=3.2.6 >=3.3.0,<=3.3.8 >=3.4.0,<=3.4.7 |
| CVE-2026-34544 | Affected versions of the openexr package are vulnerable to Out-of-bounds Write due to a signed integer overflow in the uncompress_b44_impl() function within internal_b44.c, where the row pointer arith… | High | – | – | >=3.2.0,<=3.2.6 >=3.3.0,<=3.3.8 >=3.4.0,<=3.4.7 |
| CVE-2026-27622 | Affected versions of the OpenEXR package are vulnerable to an Out-of-bounds Write due to a 32-bit integer overflow when accumulating deep sample counts, leading to an undersized heap allocation. In Co… | High | – | – | >=2.3.0, <3.2.6 >=3.3.0, <3.3.8 >=3.4.0, <3.4.6 |
| CVE-2026-26981 | Affected versions of the OpenEXR package are vulnerable to a Heap Buffer Overflow due to a signed-to-unsigned integer conversion error in the memory-mapped stream reading path. The istream_nonparallel… | Medium | – | – | >=3.3.0,<3.3.7 >=3.4.0,<3.4.5 |
| CVE-2025-64182 | Affected versions of the OpenEXR package are vulnerable to a Buffer Overflow due to an integer overflow and unchecked allocation in the legacy Python adapter. The InputFile.channel() and InputFile.cha… | Medium | – | – | >=3.2.0,<3.2.5 >=3.3.0,<3.3.6 >=3.4.0,<3.4.3 |
| CVE-2025-64183 | Affected versions of the OpenEXR package are vulnerable to a Use After Free due to improper reference counting in the legacy Python adapter. The PyObject_StealAttrString helper function in PyOpenEXR_o… | Medium | – | – | >=3.2.0,<3.2.5 >=3.3.0,<3.3.6 >=3.4.0,<3.4.3 |
| CVE-2025-48074 | Affected versions of the OpenEXR package are vulnerable to Denial of Service (DoS) due to excessive memory allocations. The `readScanline()` function in `ImfCheckFile.cpp` and the `EnvmapImage::resize… | Medium | – | – | ==3.3.2 |
| CVE-2025-64181 | Affected versions of the OpenEXR package are vulnerable to Use of Uninitialised Memory due to insufficient post-decode validation of scratch buffers allocated during tile and scanline processing. The … | Low | – | – | >=3.3.0,<3.3.6 >=3.4.0,<3.4.3 |
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.

