2455402 – (CVE-2026-34379) CVE-2026-34379 OpenEXR: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding

Bug 2455402 (CVE-2026-34379) - CVE-2026-34379 OpenEXR: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding

Summary: CVE-2026-34379 OpenEXR: OpenEXR: Denial of Service due to misaligned memory w...

Keywords:
Status:	NEW
Alias:	CVE-2026-34379
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2455494 2455495 2455496 2455497
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-06 16:02 UTC by OSIDB Bzimport
Modified:	2026-04-06 17:41 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-06 16:02:43 UTC

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Note You need to log in before you can comment on or make changes to this bug.