CVE-2026-27622

CVE Details

Release Date:	2026-03-03
Impact:	Important	What is this?

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.

See more information about CVE-2026-27622 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	7.4
Vector String:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	High
Privileges Required:	None
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	High
Integrity Impact:	High
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 10 (openexr)	ELSA-2026-7682	2026-04-13