
AIKIDO-2026-10624

AcademySoftwareFoundation.openexr is vulnerable to Integer Overflow

Type: Integer Overflow
CVE: CVE-2026-40244
Published: Apr 28, 2026

Score: 53 (Medium Risk)

This Affects:

C++: AcademySoftwareFoundation.openexr

- 3.2.0 - 3.2.7 (fixed in 3.2.8)
- 3.3.0 - 3.3.9 (fixed in 3.3.10)
- 3.4.0 - 3.4.9 (fixed in 3.4.10)

TL;DR

Affected versions of this package are vulnerable to memory corruption when decoding DWA-compressed EXR files. The decoder multiplies a channel's width by its height in signed 32-bit arithmetic; for crafted dimensions the product overflows, the wrapped value feeds into a pointer calculation, and the decoder then writes through that wrapped pointer, causing out-of-bounds writes.
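To make the defect pattern concrete, here is an added C++ illustration (not OpenEXR's own code; the function names are made up for this example) that contrasts a plain signed 32-bit width × height product, which wraps, with a 64-bit checked computation that rejects any dimensions whose pixel count does not fit in an int32_t before it is ever used for buffer or pointer math.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Outcome of validating a (width, height) pair before any buffer arithmetic.
struct DimCheck {
    bool ok;         // false if width * height does not fit in 32 bits
    int32_t pixels;  // meaningful only when ok is true
};

// Value a plain signed 32-bit `width * height` would wrap to on a
// two's-complement target. Computed in unsigned arithmetic so the
// demonstration is well defined (signed overflow is UB in C++).
int32_t wrappedProduct(int32_t width, int32_t height) {
    uint32_t w = static_cast<uint32_t>(width);
    uint32_t h = static_cast<uint32_t>(height);
    return static_cast<int32_t>(w * h);
}

// Hardened version: reject non-positive dimensions, compute the product in
// 64 bits, and refuse anything that would not fit in int32_t. A caller must
// not derive a buffer size or pointer offset unless `ok` is true.
DimCheck checkedPixelCount(int32_t width, int32_t height) {
    if (width <= 0 || height <= 0) return {false, 0};
    int64_t product = static_cast<int64_t>(width) * static_cast<int64_t>(height);
    if (product > std::numeric_limits<int32_t>::max()) return {false, 0};
    return {true, static_cast<int32_t>(product)};
}

int main() {
    // Constructed dimensions: 65536 x 65536 = 2^32, which wraps to 0.
    std::printf("naive 65536x65536 -> %d\n", wrappedProduct(65536, 65536));
    DimCheck bad = checkedPixelCount(65536, 65536);
    std::printf("checked 65536x65536 -> %s\n", bad.ok ? "accepted" : "rejected");
    DimCheck good = checkedPixelCount(1920, 1080);
    std::printf("checked 1920x1080 -> %d pixels\n", good.pixels);
    return 0;
}
```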

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

AcademySoftwareFoundation.openexr is vulnerable to Integer Overflow in versions 3.4.0 - 3.4.9, 3.3.0 - 3.3.9 and 3.2.0 - 3.2.7.

How to fix this

Upgrade the AcademySoftwareFoundation.openexr library to the patched release for your line: 3.2.8, 3.3.10 or 3.4.10.