PyPI: openexr
CVE-2026-26981
Safety vulnerability ID: SFTY-20260406-34412
Safety legacy ID: pyup.io-92079
Affected versions of the OpenEXR package are vulnerable to a Heap Buffer Overflow due to a signed-to-unsigned integer conversion error in the memory-mapped stream reading path. The istream_nonparallel_read function in ImfContextInit.cpp computes a clamped read size by subtracting the projected end offset from the stream size, but when the projected end exceeds the stream size, the result is a negative int64_t value that is implicitly converted to a massive size_t value and passed to memcpy. An attacker who supplies a crafted EXR file can trigger an out-of-bounds heap read, resulting in a crash and Denial of Service.
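The arithmetic the advisory describes, modelled as an added C example. This is constructed for illustration and is not OpenEXR's code; the mapped_stream_t type, the function names and the 64-byte stand-in file are hypothetical. It places a clamp that feeds a signed subtraction straight into size_t beside a hardened clamp that validates in the signed domain first and never converts a value that could be negative.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model of a memory-mapped stream (constructed for this example). */
typedef struct {
    const unsigned char *data; /* first byte of the mapped file */
    int64_t size;              /* total bytes in the mapped file */
} mapped_stream_t;

/* Constructed stand-in for a mapped EXR file: 64 zero bytes. */
static const unsigned char sample_file[64] = {0};
static const mapped_stream_t sample = { sample_file, 64 };

/* Defect shape named in the advisory: the clamp is a signed subtraction whose
 * result goes into a size_t without a sign check. When projected_end > size the
 * int64_t result is negative and the conversion yields a value near SIZE_MAX,
 * which a following memcpy would use as its length. */
static size_t clamp_read_unsafe(const mapped_stream_t *s, int64_t offset, int64_t want)
{
    int64_t projected_end = offset + want;
    int64_t clamped = want;
    if (projected_end > s->size)
        clamped = s->size - projected_end;   /* negative here; sign never checked */
    return (size_t)clamped;                  /* implicit in the described code, explicit here */
}

/* Hardened shape: reject negative or out-of-range inputs, then clamp to the
 * bytes actually available. The value converted to size_t is always in
 * [0, size - offset]. Returns 0 for any invalid input. */
static size_t clamp_read_safe(const mapped_stream_t *s, int64_t offset, int64_t want)
{
    if (offset < 0 || want < 0 || offset > s->size)
        return 0;
    int64_t available = s->size - offset;    /* >= 0 by the checks above */
    /* Comparing 'want' against 'available' avoids computing offset + want,
     * so a huge 'want' cannot overflow the addition either. */
    return (size_t)(want < available ? want : available);
}

/* Copy through the hardened clamp; returns the number of bytes copied. */
static size_t read_mapped(const mapped_stream_t *s, int64_t offset, void *dst, int64_t want)
{
    size_t n = clamp_read_safe(s, offset, want);
    if (n > 0)
        memcpy(dst, s->data + offset, n);
    return n;
}

int main(void)
{
    unsigned char buf[128];
    /* A 10-byte read at offset 60 of a 64-byte file runs 6 bytes past EOF. */
    printf("unsafe clamp: %zu bytes\n", clamp_read_unsafe(&sample, 60, 10));
    printf("safe clamp:   %zu bytes\n", clamp_read_safe(&sample, 60, 10));
    printf("copied:       %zu bytes\n", read_mapped(&sample, 60, buf, 10));
    return 0;
}
```

The safe variant is the check a reviewer would look for in any read path that sizes a memcpy from file-controlled offsets: compare in the signed domain, bound the result to what the mapping actually holds, and only then convert.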
Overview
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
How to Fix
Mitigation and Workarounds
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260406-34412/CVE-2026-26981
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26981
- https://data.safetycli.com/changelogs/openexr/
- https://github.com/advisories/GHSA-q6vj-wxvf-5m8c
- https://pypi.org/project/openexr
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c
- https://nvd.nist.gov/vuln/detail/CVE-2026-26981
- https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef
- https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
