CVE-2026-34544
Received Received - Intake

Out-of-Bounds Write in OpenEXR B44/B44A Decoding Causes Crashes

Vulnerability report for CVE-2026-34544, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-01

Last updated on: 2026-04-07

Assigner: GitHub, Inc.

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-01
Last Modified
2026-04-07
Generated
2026-07-06
AI Q&A
2026-04-02
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
openexr openexr From 3.4.0 (inc) to 3.4.8 (exc)
openexr openexr From 3.2.0 (inc) to 3.2.7 (exc)
openexr openexr From 3.3.0 (inc) to 3.3.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenEXR versions from 3.4.0 up to but not including 3.4.8. It involves a crafted B44 or B44A EXR file that can trigger an out-of-bounds write when decoded by any application using the exr_decoding_run() function.

An out-of-bounds write means that the program writes data outside the allocated memory buffer, which can lead to unpredictable behavior.

The consequences of this vulnerability can range from an immediate crash of the application to corruption of adjacent heap memory, depending on the memory layout.

This issue was fixed in OpenEXR version 3.4.8.

Impact Analysis

The vulnerability can impact you by causing applications that decode maliciously crafted EXR files to crash unexpectedly.

In some cases, it can lead to corruption of adjacent heap memory, which might cause data corruption or unpredictable application behavior.

Such crashes or memory corruptions can disrupt workflows, cause loss of data, or potentially be exploited further depending on the context.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade OpenEXR to version 3.4.8 or later, where the issue has been patched.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34544. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart