PyPI: openexr
CVE-2026-34588
Safety vulnerability ID: SFTY-20260408-59849
Safety legacy ID: pyup.io-92197
Affected versions of the OpenEXR package are vulnerable to out-of-bounds read and write due to a signed 32-bit integer overflow in the PIZ decoder's wavelet buffer pointer advancement in internal_exr_undo_piz() in internal_piz.c. The expression wavbuf += nx * ny * wcount is evaluated in signed int arithmetic, so a crafted EXR file can make the product exceed INT_MAX and wrap (signed overflow is undefined behaviour in C, so the result is whatever the generated code happens to produce, typically a negative or far-too-small delta). The wrapped delta moves the working pointer outside the allocated scratch buffer, and the subsequent wavelet decode operations in wdec14_4() then read from and write to out-of-bounds heap memory. An attacker who can get an affected application to open a specially crafted EXR file can trigger heap memory corruption, leading to a process crash or, depending on allocator layout, further exploitation.
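The following is an added example, not code from OpenEXR or from the advisory. It models the scratch-buffer cursor walk the advisory describes: for each channel the decoder advances wavbuf by nx * ny * wcount elements. piz_advance_wrapped() reproduces the vulnerable signed-int product (with an explicit two's-complement wrap so the demo itself has defined behaviour), and piz_advance_checked() shows the shape of a safe advance: reject negative dimensions, multiply in 64 bits with an overflow check, and verify the new cursor stays inside the scratch allocation. All names, the 16-bit element size, and the sample channel descriptors are assumptions made for this demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-channel descriptor; the values would come from the
 * untrusted EXR header and chunk table. Not an OpenEXR type. */
typedef struct {
    int32_t nx;      /* samples per line after subsampling */
    int32_t ny;      /* lines in this chunk */
    int32_t wcount;  /* 16-bit words per sample: 1 for HALF, 2 for FLOAT/UINT */
} piz_chan_t;

/* The vulnerable arithmetic, with the wrap made explicit via uint32_t so the
 * demo has defined behaviour. Returns the element delta a signed 32-bit
 * product would yield; a negative result is a wrapped value that would move
 * the pointer backwards, out of the scratch buffer. */
int32_t piz_advance_wrapped(const piz_chan_t *c) {
    uint32_t p = (uint32_t)c->nx * (uint32_t)c->ny * (uint32_t)c->wcount;
    return (int32_t)p;  /* implementation-defined, wraps on all mainstream ABIs */
}

/* Hardened advance: negative inputs are rejected, the element count is
 * computed in 64 bits with an overflow check, converted to bytes (assuming
 * 16-bit scratch elements), and the new cursor must stay within scratch_len.
 * On success *cursor is updated; on failure it is left untouched. */
bool piz_advance_checked(const piz_chan_t *c, size_t scratch_len, size_t *cursor) {
    if (c->nx < 0 || c->ny < 0 || c->wcount < 0) return false;
    uint64_t elems = (uint64_t)c->nx * (uint64_t)c->ny;  /* < 2^62, cannot overflow */
    if (c->wcount != 0 && elems > UINT64_MAX / (uint64_t)c->wcount) return false;
    elems *= (uint64_t)c->wcount;
    if (elems > UINT64_MAX / sizeof(uint16_t)) return false;
    uint64_t bytes = elems * sizeof(uint16_t);
    if (bytes > (uint64_t)scratch_len) return false;
    if (*cursor > scratch_len - (size_t)bytes) return false;
    *cursor += (size_t)bytes;
    return true;
}

/* Walk every channel of a chunk; true only if every advance stayed in bounds. */
bool piz_walk_channels(const piz_chan_t *chans, size_t nchans, size_t scratch_len) {
    size_t cursor = 0;
    for (size_t i = 0; i < nchans; i++)
        if (!piz_advance_checked(&chans[i], scratch_len, &cursor)) return false;
    return true;
}

/* Constructed inputs: a benign 3-channel HALF chunk, and a crafted channel
 * whose nx * ny just exceeds INT32_MAX (46341^2 = 2147488281). */
const piz_chan_t piz_benign[3]  = {{64, 32, 1}, {64, 32, 1}, {64, 32, 1}};
const piz_chan_t piz_crafted[1] = {{46341, 46341, 1}};

int main(void) {
    printf("benign wrapped delta : %d elements\n", piz_advance_wrapped(&piz_benign[0]));
    printf("crafted wrapped delta: %d elements\n", piz_advance_wrapped(&piz_crafted[0]));
    printf("benign walk  (12288-byte scratch): %s\n",
           piz_walk_channels(piz_benign, 3, 12288) ? "ok" : "rejected");
    printf("crafted walk (1 MiB scratch)     : %s\n",
           piz_walk_channels(piz_crafted, 1, 1u << 20) ? "ok" : "rejected");
    return 0;
}
```

The bounds check against scratch_len is the part that matters most: even a product that does not overflow can exceed what was allocated if the header dimensions and the chunk's declared channel layout disagree, so the cursor must be validated against the allocation, not just computed without overflow.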
Overview
OpenEXR: signed 32-bit integer overflow in the PIZ decoder leads to out-of-bounds read/write
Advisory
Affected Package
Also affects
---
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities:
- internal_exr_undo_piz() in internal_piz.c (the overflowing wavbuf += nx * ny * wcount advance)
- wdec14_4() (the wavelet decode that reads and writes through the mispositioned pointer)
References
- https://getsafety.com/vulnerabilities/SFTY-20260408-59849/CVE-2026-34588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34588
- https://data.safetycli.com/changelogs/openexr/
- https://github.com/advisories/GHSA-588r-cr5c-w6hf
- https://pypi.org/project/openexr
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf
- https://nvd.nist.gov/vuln/detail/CVE-2026-34588
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
