CVE-2026-40244 in OpenEXRinfo

Zusammenfassung

von MITRE • 21.04.2026

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1722` performs `curc->width * curc->height` in `int32` arithmetic without a `(size_t)` cast. This is the same overflow pattern fixed in other locations by the recent CVE-2026-34589 batch, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses `internal_dwa_compressor.h:1722`.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

10.04.2026

Veröffentlichung

21.04.2026

Moderieren

akzeptiert

Eintrag

VDB-358384

CPE

bereit

CWE

CWE-190 (bestätigt)

CVSS

6.3 (VulDB)

EPSS

0.00033

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40244
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40244
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40244/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!