
AIKIDO-2026-10625

AcademySoftwareFoundation.openexr is vulnerable to Integer Overflow

Integer Overflow | CVE-2026-40250 | Published Apr 28, 2026

82

High Risk

This Affects:

C++: AcademySoftwareFoundation.openexr
- 3.2.0 - 3.2.7 (fixed in 3.2.8)
- 3.3.0 - 3.3.9 (fixed in 3.3.10)
- 3.4.0 - 3.4.9 (fixed in 3.4.10)

TL;DR

Affected versions of this package are vulnerable to memory corruption when decoding DWA-compressed EXR files. The decoder multiplies channel width by bytes-per-element in signed 32-bit arithmetic; for crafted dimensions the product overflows, which shifts the end-of-buffer guard and lets the decoder write past the end of the output buffer.
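As an added illustration (not OpenEXR's code), a minimal C model of the guard the advisory describes and a hardened replacement that rejects the overflowing product before it can move the bound. The function names and the row-size model are assumptions for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Row size computed the way the advisory describes: width * bytesPerElement
   in signed 32-bit arithmetic. The product is formed in uint32_t and converted
   so the wrap-around is shown without undefined behaviour. */
static int32_t row_bytes_wrapping(int32_t width, int32_t bytes_per_element) {
    uint32_t product = (uint32_t)width * (uint32_t)bytes_per_element;
    return (int32_t)product;   /* wraps to a negative value on two's-complement targets */
}

/* Guard shaped like the vulnerable one: "row end <= buffer end". A wrapped
   (negative) row size passes the check although the real row is far larger
   than the space that remains. */
static bool unchecked_guard_passes(int32_t width, int32_t bytes_per_element,
                                   int32_t bytes_remaining) {
    return row_bytes_wrapping(width, bytes_per_element) <= bytes_remaining;
}

/* Hardened guard: validate the operands, do the multiplication in 64 bits,
   refuse anything that would not fit an int32_t or the remaining buffer. */
static bool row_fits(int32_t width, int32_t bytes_per_element,
                     size_t bytes_remaining, size_t *row_bytes_out) {
    if (width <= 0 || bytes_per_element <= 0)
        return false;                                  /* nonsense dimensions */
    uint64_t row_bytes = (uint64_t)width * (uint64_t)bytes_per_element;
    if (row_bytes > (uint64_t)INT32_MAX)
        return false;                                  /* would have overflowed */
    if (row_bytes > (uint64_t)bytes_remaining)
        return false;                                  /* would write past the end */
    if (row_bytes_out)
        *row_bytes_out = (size_t)row_bytes;
    return true;
}

int main(void) {
    /* Constructed dimensions: 2^30 half-float elements of 2 bytes = 2^31 bytes. */
    int32_t width = 1073741824, bpe = 2;
    printf("wrapped row size: %d\n", row_bytes_wrapping(width, bpe));
    printf("unchecked guard passes: %d\n", unchecked_guard_passes(width, bpe, 4096));
    printf("hardened guard passes:  %d\n", row_fits(width, bpe, 4096, NULL));
    return 0;
}
```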

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

AcademySoftwareFoundation.openexr is vulnerable to Integer Overflow in versions 3.4.0 - 3.4.9, 3.3.0 - 3.3.9 and 3.2.0 - 3.2.7.

How to fix this

Upgrade the AcademySoftwareFoundation.openexr library to the patched release for your line: 3.2.8, 3.3.10 or 3.4.10.