CVE-2026-40244 in OpenEXRالمعلومات

الملخص

بحسب MITRE • 21/04/2026

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1722` performs `curc->width * curc->height` in `int32` arithmetic without a `(size_t)` cast. This is the same overflow pattern fixed in other locations by the recent CVE-2026-34589 batch, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses `internal_dwa_compressor.h:1722`.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

10/04/2026

إفشاء

21/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-358384

CPE

جاهز

CWE

CWE-190 (مؤكد)

CVSS

6.3 (VulDB)

EPSS

0.00033

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40244
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40244
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40244/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!