OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.
References
| Link | Resource |
|---|---|
| https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee | Patch |
| https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8 | Product Release Notes |
| https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Apr 2026, 20:13
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Openexr
Openexr openexr |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.3 |
| CPE | cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:* | |
| References | () https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee - Patch | |
| References | () https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8 - Product, Release Notes | |
| References | () https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v - Exploit, Vendor Advisory |
01 Apr 2026, 21:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-01 21:17
Updated : 2026-04-07 20:13
NVD link : CVE-2026-34544
Mitre link : CVE-2026-34544
CVE.ORG link : CVE-2026-34544
JSON object : View
Products Affected
openexr
- openexr