AcademySoftwareFoundation.openexr is vulnerable to Integer Overflow
86
High Risk
Affected versions of this package are vulnerable to out-of-bounds memory access in the PIZ decompression path due to signed integer overflow when advancing the wavelet buffer pointer. The decoder updates the working pointer using nx * ny * wcount computed with signed 32-bit arithmetic, which can overflow for crafted image dimensions and cause the pointer to wrap to an incorrect location. Subsequent wavelet decoding then operates in place on this invalid address, resulting in both out-of-bounds reads and writes. An attacker able to supply a specially crafted EXR file can trigger memory corruption and crashes during decoding.
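To make the flaw concrete, here is an added illustration (not OpenEXR's own code) of the two ways the wavelet-buffer advance can be computed: a 32-bit product that silently wraps for crafted dimensions, beside a checked version that computes in `size_t`, rejects overflow, and bounds the advance against the buffer length. The function names, the buffer size and the dimensions are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Mirrors the flawed arithmetic the advisory describes: nx * ny * wcount
 * evaluated in 32 bits.  uint32_t is used so the wrap is well defined for
 * demonstration; in the real decoder the product is signed, where overflow
 * is undefined behaviour and the pointer lands at an unpredictable address. */
uint32_t wrapped_advance(uint32_t nx, uint32_t ny, uint32_t wcount)
{
    return nx * ny * wcount;   /* wraps modulo 2^32 for large inputs */
}

/* Overflow-checked multiply: stores a*b in *r and returns 1, or returns 0
 * if the product does not fit in size_t. */
static int mul_ok(size_t a, size_t b, size_t *r)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *r = a * b;
    return 1;
}

/* Hardened form (hypothetical): returns the element offset to advance by,
 * or 0 when the dimensions are non-positive, the product overflows, or the
 * advance would leave a buffer of buf_len elements.  0 is never a valid
 * advance for positive dimensions, so it serves as the rejection value. */
size_t checked_advance(int nx, int ny, int wcount, size_t buf_len)
{
    size_t a, b;
    if (nx <= 0 || ny <= 0 || wcount <= 0)
        return 0;
    if (!mul_ok((size_t)nx, (size_t)ny, &a))
        return 0;
    if (!mul_ok(a, (size_t)wcount, &b))
        return 0;
    if (b > buf_len)                 /* advance must stay inside the buffer */
        return 0;
    return b;
}

int main(void)
{
    /* constructed benign dimensions: 1024 x 1024 with 3 wavelet channels */
    printf("benign advance: %zu elements\n",
           checked_advance(1024, 1024, 3, (size_t)4 << 20));
    /* constructed crafted dimensions: 65536 x 65536 x 1 = 2^32 */
    printf("wrapped 32-bit product: %u\n", wrapped_advance(65536u, 65536u, 1u));
    printf("checked result for crafted dims: %zu (0 = rejected)\n",
           checked_advance(65536, 65536, 1, (size_t)4 << 20));
    return 0;
}
```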
You are affected if you are using a version that falls within the vulnerable range.
AcademySoftwareFoundation.openexr is vulnerable to Integer Overflow in versions 3.4.0 - 3.4.8, 3.3.0 - 3.3.8 and 3.1.0 - 3.2.6.
Upgrade the AcademySoftwareFoundation.openexr library to a patched version.