Signed Integer Overflow in OpenEXR Image Storage Format by Academy Software Foundation
CVE-2026-34378

6.5MEDIUM

Key Information:

Vendor: Academysoftwarefoundation
Status: Openexr
Vendor: CVE Published:; 6 April 2026

🔔 Create Academysoftwarefoundation Vulnerability Alert

What is CVE-2026-34378?

A vulnerability in OpenEXR versions 3.4.0 through 3.4.8 allows an attacker to manipulate the dataWindow attribute in EXR file headers, exploiting a missing bounds check. By setting dataWindow.min.x to a significantly negative value, this can result in a computed image width that exceeds the intended limit. Consequently, during a signed integer multiplication in the generic_unpack() function, an overflow occurs, leading to a process termination with a SIGILL signal via Undefined Behavior Sanitizer (UBSan). This flaw has been rectified in version 3.4.9.

Affected Version(s)

openexr >= 3.4.0, < 3.4.9

References

https://github.com/AcademySoftwareFoundation/openexr/secu...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Mar 27, 2026

CVE-2026-34378 Data

JSON