Vulnerability in Academysoftwarefoundation Openexr

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leak…

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Academysoftwarefoundation Openexr — versions >= 3.4.0, < 3.4.8

Weakness classification (CWE)

CWE-908 — Use of Uninitialized Resource

References

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vc68-257w-m432 (x_refsource_CONFIRM)
https://github.com/AcademySoftwareFoundation/openexr/commit/5f6d0aaa9e43802917af7db90f181e88e083d3b8 (x_refsource_MISC)
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8 (x_refsource_MISC)