OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to a large negative value, OpenEXRCore computes an enormous image width, which is later used in a signed integer multiplication that overflows, causing the process to terminate with SIGILL via UBSan. This vulnerability is fixed in 3.4.9.
References
| Link | Resource |
|---|---|
| https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9 | Product Release Notes |
| https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4g | Exploit Vendor Advisory |
Configurations
History
07 Apr 2026, 19:05
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* | |
| First Time |
Openexr
Openexr openexr |
|
| References | () https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9 - Product, Release Notes | |
| References | () https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4g - Exploit, Vendor Advisory |
07 Apr 2026, 04:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
06 Apr 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4g - |
06 Apr 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-06 16:16
Updated : 2026-04-07 19:05
NVD link : CVE-2026-34378
Mitre link : CVE-2026-34378
CVE.ORG link : CVE-2026-34378
JSON object : View
Products Affected
openexr
- openexr
CWE
CWE-190
Integer Overflow or Wraparound