2455411 – (CVE-2026-34589) CVE-2026-34589 OpenEXR: OpenEXR: Memory corruption leading to arbitrary code execution or denial of service

Bug 2455411 (CVE-2026-34589) - CVE-2026-34589 OpenEXR: OpenEXR: Memory corruption leading to arbitrary code execution or denial of service

Summary: CVE-2026-34589 OpenEXR: OpenEXR: Memory corruption leading to arbitrary code ...

Keywords:
Status:	NEW
Alias:	CVE-2026-34589
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2455499 2455500 2455498 2455501
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-06 16:03 UTC by OSIDB Bzimport
Modified:	2026-04-06 19:46 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-06 16:03:13 UTC

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Note You need to log in before you can comment on or make changes to this bug.