CVE-2026-34379
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture indus
CVSS
7.1
High
EPSS
0.3%
p20
KEV
—
Exploit Today
6
0-100
Published: Apr 6, 2026 · Last modified: Jul 15, 2026 · CWE-704 · CWE-787 · CWE-843
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
- github.comhttps://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7
- github.comhttps://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9
- github.comhttps://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9
- github.comhttps://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-34379
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2455402
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34379.json