PyPI: openexr
CVE-2026-34544
Safety vulnerability ID: SFTY-20260403-78600
Safety legacy ID: pyup.io-91731
Overview
OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Advisory
Affected versions of the openexr package are vulnerable to Out-of-bounds Write due to a signed integer overflow in the uncompress_b44_impl() function within internal_b44.c, where the row-pointer arithmetic y * nx is computed in int and overflows when the channel width is sufficiently large. The overflow causes the row pointers row0 through row3 to wrap to addresses before the scratch buffer, and the subsequent memcpy() calls write decoded B44 pixel blocks to these invalid locations, producing a heap-based out-of-bounds write. An attacker can craft a malicious B44 or B44A EXR file that, when decoded via exr_decoding_run(), triggers a crash or potentially corrupts adjacent heap allocations.
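The arithmetic the advisory describes, as a constructed illustration in C rather than OpenEXR's own code: wrapped_int_offset() shows the value an int product y * nx wraps to, and row_offset_checked() / row_ptr() are a hypothetical hardened form using size_t math with overflow and bounds checks. The scratch buffer demo_scratch, the 2-byte element size and the width 1000000000 are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of the advisory's arithmetic, not OpenEXR's code:
 * row y of a scratch buffer with nx elements per row starts at element y*nx. */

/* Value the int expression y * nx wraps to (done in unsigned 64-bit math and
 * truncated to avoid signed-overflow UB). A negative result means the row
 * pointer would be formed before the start of the scratch buffer. */
int wrapped_int_offset(int y, int nx)
{
    return (int)(uint32_t)((uint64_t)(unsigned)y * (unsigned)nx);
}

/* Hardened form: size_t arithmetic with explicit overflow checks, and the row
 * must start inside the buf_len-byte scratch buffer. */
bool row_offset_checked(size_t y, size_t nx, size_t elem_size,
                        size_t buf_len, size_t *out)
{
    if (nx != 0 && y > SIZE_MAX / nx) return false;          /* y*nx overflow */
    size_t elems = y * nx;
    if (elem_size != 0 && elems > SIZE_MAX / elem_size) return false;
    size_t bytes = elems * elem_size;
    if (bytes >= buf_len) return false;                       /* outside buffer */
    *out = bytes;
    return true;
}

unsigned char demo_scratch[1024];  /* constructed scratch buffer */

/* Row pointer, or NULL when it cannot be formed safely; only a non-NULL
 * result may be used as a memcpy destination. */
unsigned char *row_ptr(unsigned char *scratch, size_t scratch_len,
                       size_t y, size_t nx, size_t elem_size)
{
    size_t off;
    return row_offset_checked(y, nx, elem_size, scratch_len, &off)
               ? scratch + off : NULL;
}

int main(void)
{
    int nx = 1000000000;  /* constructed oversized channel width */
    printf("wrapped int offset=%d checked=%s\n", wrapped_int_offset(3, nx),
           row_ptr(demo_scratch, sizeof demo_scratch, 3, (size_t)nx, 2) ? "ok" : "rejected");
    return 0;
}
```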
References
- https://getsafety.com/vulnerabilities/SFTY-20260403-78600/CVE-2026-34544
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34544
- https://data.safetycli.com/changelogs/openexr/
- https://github.com/advisories/GHSA-h762-rhv3-h25v
- https://pypi.org/project/openexr
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v
- https://nvd.nist.gov/vuln/detail/CVE-2026-34544
- https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.