Integer overflow in AcademySoftwareFoundation OpenEXR
CVE-2026-40250
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_c…
Vulnerability class: Integer Overflow
EPSS: 0.000 (10.1th percentile)
Affected products
- AcademySoftwareFoundation OpenEXR — versions >= 3.2.0 and < 3.2.8; >= 3.3.0 and < 3.3.10; >= 3.4.0 and < 3.4.10
References
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m5qw-23x2-6phj (x_refsource_CONFIRM)
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8 (x_refsource_MISC)
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10 (x_refsource_MISC)
- https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10 (x_refsource_MISC)