What is CVE-2026-42217?

CVE-2026-42217 is a critical-severity vulnerability in Academysoftwarefoundation Openexr, classified under Integer Overflow or Wraparound. CVSS score: 9.8/10. Published 2026-05-07.

How severe is CVE-2026-42217?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Integer overflow in Academysoftwarefoundation Openexr

CVE-2026-42217

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readV…

Vulnerability class: Integer Overflow

EPSS: 0.001 (16.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Academysoftwarefoundation Openexr — versions >= 3.0.0, < 3.2.9, >= 3.3.0, < 3.3.11, >= 3.4.0, < 3.4.11
Openexr

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

https://github.com/AcademySoftwareFoundation/openexr/commit/21eaa33bcbbb0c83a5fc42f6b6d65b70a996e63c (Patch, x_refsource_MISC)
https://github.com/AcademySoftwareFoundation/openexr/pull/2378 (Patch, x_refsource_MISC, Issue Tracking)
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3c67-4wwp-w52m (x_refsource_CONFIRM, Exploit, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-42217?: CVE-2026-42217 is a critical-severity vulnerability in Academysoftwarefoundation Openexr, classified under Integer Overflow or Wraparound. CVSS score: 9.8/10. Published 2026-05-07.
How severe is CVE-2026-42217?: Critical severity. CVSS v3 base score is 9.8 out of 10.