Bug 2490759 - CVE-2026-45696 usd: OpenEXR: Denial of Service and potential information disclosure via crafted EXR file [fedora-all]
Summary: CVE-2026-45696 usd: OpenEXR: Denial of Service and potential information disc...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: usd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Luya Tshimbalanga
QA Contact:
URL:
Whiteboard: {"flaws": ["a7d3ea5e-12e6-471b-bcd0-8...
Depends On:
Blocks: CVE-2026-45696
TreeView+ depends on / blocked
 
Reported: 2026-06-19 14:41 UTC by Srikanth Balasubramanian
Modified: 2026-06-19 19:55 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2026-06-19 19:55:27 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Srikanth Balasubramanian 2026-06-19 14:41:45 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Ben Beasley 2026-06-19 19:55:27 UTC
https://www.cve.org/CVERecord?id=CVE-2026-45696
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf

It looks like OpenUSD doesn’t contain the ht_undo_impl() routine.


Note You need to log in before you can comment on or make changes to this bug.