AcademySoftwareFoundation.openexr is vulnerable to Integer Overflow
84
High Risk
Affected versions of this package are vulnerable to out-of-bounds memory writes in the DWA lossy decoder due to signed integer overflow during pointer construction. The decoder computes per-component block offsets using signed 32-bit arithmetic, where the calculation of numBlocksX * 64 can overflow for large image widths and produce wrapped pointers outside the allocated rowBlock buffer. These corrupted pointers are later used during the DCT reconstruction path, causing writes to invalid memory. An attacker able to supply a crafted DWAA scanline file can trigger the overflow and subsequent out-of-bounds access, leading to crashes or undefined behavior during decoding.
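The arithmetic defect described above, as an added illustration that is not OpenEXR's code: a wrapping signed 32-bit multiply of numBlocksX * 64 beside a checked offset computation that widens to 64 bits first, rejects block counts whose coefficient count would have wrapped, and rejects any component region that would extend past the rowBlock buffer. The layout assumed here (64 coefficients per 8x8 DCT block, a component's region starting at numBlocksX * 64 * component, a buffer of rowBlockLen coefficients) is a modelling assumption, not the decoder's actual structure.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Models the offset arithmetic the advisory describes; not OpenEXR's code.
 * Assumed layout: each 8x8 DCT block holds 64 coefficients, a component's
 * region starts at numBlocksX * 64 * component, and rowBlock holds
 * rowBlockLen coefficients in total. */

/* What a wrapping signed 32-bit multiply produces. Signed overflow is
 * undefined behaviour in C, so the wrap is emulated with unsigned maths. */
int32_t wrapped_int32_product(int32_t a, int32_t b)
{
    uint32_t u = (uint32_t)a * (uint32_t)b;       /* modulo 2^32, well defined */
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)((int64_t)u - 4294967296LL);  /* two's-complement value */
}

/* True when a * b does not fit in int32_t, i.e. the product would wrap. */
bool int32_product_overflows(int32_t a, int32_t b)
{
    int64_t wide = (int64_t)a * (int64_t)b;
    return wide > INT32_MAX || wide < INT32_MIN;
}

/* Hardened offset computation: widen before multiplying, reject anything
 * that would have wrapped, and reject any region that leaves rowBlock.
 * On success writes the element offset of the component's first block. */
bool checked_block_offset(int32_t numBlocksX, int32_t component,
                          size_t rowBlockLen, size_t *outOffset)
{
    if (numBlocksX < 0 || component < 0)
        return false;
    int64_t coeffsPerComponent = (int64_t)numBlocksX * 64;
    if (coeffsPerComponent > INT32_MAX)
        return false;                             /* the advisory's overflow */
    int64_t start = coeffsPerComponent * component;
    int64_t end = start + coeffsPerComponent;     /* one past the region */
    if ((uint64_t)end > (uint64_t)rowBlockLen)
        return false;                             /* would leave rowBlock */
    *outOffset = (size_t)start;
    return true;
}
```

With 40,000,000 blocks per row the unchecked product wraps to a negative offset, which is exactly the kind of value the checked version refuses.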
You are affected if you are using a version that falls within the vulnerable range.
AcademySoftwareFoundation.openexr is vulnerable to Integer Overflow in versions 3.4.0 - 3.4.8, 3.3.0 - 3.3.8 and 3.2.0 - 3.2.6.
Upgrade the AcademySoftwareFoundation.openexr library to a patched version.