PyPI: openexr

CVE-2026-27622

Safety vulnerability ID: SFTY-20260302-17325

Safety legacy ID: pyup.io-88015

Created at: Mar 5, 2026
Updated at: Mar 5, 2026

Overview

OpenEXR's CompositeDeepScanLine integer overflow leads to heap OOB write

Advisory

Affected versions of the OpenEXR package are vulnerable to an out-of-bounds write caused by a 32-bit integer overflow while accumulating deep sample counts, which yields an undersized heap allocation. In CompositeDeepScanLine::readPixels, the per-pixel sample counts read from the file (and therefore attacker-controlled) are added into vector<unsigned int> total_sizes and then into overall_sample_count; both sums wrap modulo 2^32, so a crafted file can make samples[channel].resize(overall_sample_count) allocate a buffer far smaller than the real sample volume. The subsequent decode then writes the true (larger) number of samples into that buffer via generic_unpack_deep_pointers in src/lib/OpenEXRCore/unpack.c, overrunning the heap.
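The arithmetic behind the advisory, as an added illustration that is not OpenEXR's code and not an exploit: a running total kept in unsigned int (the vector<unsigned int> total_sizes / overall_sample_count pattern described above) is summed from constructed per-pixel sample counts, wraps, and is compared against the 64-bit true volume that a decoder would later write; a checked 64-bit accumulation with a cap rejects the same input before any allocation. The function names deep_sample_total_wrapping, deep_sample_total_checked, samples_past_end and the cap MAX_SAMPLES are illustrative assumptions, not OpenEXR identifiers, and the inputs are constructed for the demonstration.

```cpp
// Added example, not OpenEXR code. Shows how a 32-bit running total of deep
// sample counts wraps modulo 2^32 and leaves a buffer undersized for the
// samples later unpacked into it, and how a 64-bit, capped accumulation
// refuses the same input. All names below are illustrative.
#include <cstdint>
#include <iostream>
#include <limits>
#include <vector>

// Mirrors the advisory's pattern: per-pixel counts summed into a
// vector<unsigned int> of per-part totals, then into one unsigned int.
// Every addition is modulo 2^32, so a hostile file can make the final
// total tiny while the real number of samples is enormous.
unsigned int deep_sample_total_wrapping(const std::vector<unsigned int>& per_pixel)
{
    std::vector<unsigned int> total_sizes(1, 0u);   // one running total per source part
    for (unsigned int n : per_pixel)
        total_sizes[0] += n;                        // wraps silently on overflow
    unsigned int overall_sample_count = 0;
    overall_sample_count += total_sizes[0];         // wraps again
    return overall_sample_count;                    // what resize() would be called with
}

// True volume of samples the decoder will write, summed in 64 bits.
// (Bounded for realistic inputs: each term is < 2^32.)
std::uint64_t true_sample_volume(const std::vector<unsigned int>& per_pixel)
{
    std::uint64_t total = 0;
    for (unsigned int n : per_pixel) total += n;
    return total;
}

// Number of samples that would land past the end of a buffer sized by the
// wrapped total. Zero means the allocation is large enough.
std::uint64_t samples_past_end(const std::vector<unsigned int>& per_pixel)
{
    std::uint64_t allocated = deep_sample_total_wrapping(per_pixel);
    std::uint64_t actual = true_sample_volume(per_pixel);
    return actual > allocated ? actual - allocated : 0;
}

// Hardened accumulation: 64-bit sum, checked after every addition against a
// sanity cap (MAX_SAMPLES is an assumed policy limit; a real reader would also
// bound it by the image dimensions). Returns false and leaves `out` untouched
// when the input must be rejected, so no allocation is ever attempted.
constexpr std::uint64_t MAX_SAMPLES = std::numeric_limits<std::uint32_t>::max();

bool deep_sample_total_checked(const std::vector<unsigned int>& per_pixel, std::uint64_t& out)
{
    std::uint64_t total = 0;
    for (unsigned int n : per_pixel) {
        total += n;                       // cannot wrap: checked before it can exceed 2^33
        if (total > MAX_SAMPLES) return false;
    }
    out = total;
    return true;
}

int main()
{
    // Constructed hostile sample-count table: 0xFFFFFFFF + 2 wraps to 1.
    const std::vector<unsigned int> hostile{0xFFFFFFFFu, 2u};
    std::uint64_t checked = 0;
    std::cout << "wrapped total used for resize: " << deep_sample_total_wrapping(hostile) << '\n';
    std::cout << "true sample volume:            " << true_sample_volume(hostile) << '\n';
    std::cout << "samples written past the end:  " << samples_past_end(hostile) << '\n';
    std::cout << "checked accumulation:          "
              << (deep_sample_total_checked(hostile, checked) ? "accepted" : "rejected") << '\n';
    return 0;
}
```

With the hostile table the wrapping total is 1, so a buffer of one sample would be allocated while the decoder writes 4294967297; a table of two counts of 0x80000000 wraps to exactly 0, which is the worst case, because resize(0) allocates nothing at all. The checked variant rejects both before resize() is reached.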

Affected Package

Affecting openexr package, versions
>=2.3.0, <3.2.6
>=3.3.0, <3.3.8
>=3.4.0, <3.4.6


How to Fix

Upgrade openexr to the first fixed release of the series you are on, or higher: 3.2.6 for 3.2.x, 3.3.8 for 3.3.x, 3.4.6 for 3.4.x. No fixed 2.x release is listed; the affected range starts at 2.3.0, so installations still on 2.x must move to 3.2.6 or later.

Mitigation and Workarounds

None listed. Until the upgrade is in place, do not read deep scanline EXR files from untrusted sources through the affected library: the overflow is driven by the sample counts in the file itself, accumulated in CompositeDeepScanLine::readPixels, so there is no configuration that makes a hostile file safe on an unpatched version.

Vulnerable Functions

Functions linked to known vulnerabilities (as named in the advisory above):
CompositeDeepScanLine::readPixels, where the sample-count accumulation wraps and the undersized resize happens
generic_unpack_deep_pointers in src/lib/OpenEXRCore/unpack.c, which writes the true sample volume into that buffer

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.