CLSA-2026-1775211239

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1775211239.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1775211239
Upstream
Published
2026-04-03T10:14:03Z
Modified
2026-06-01T00:32:46.374001224Z
Summary
openexr: Fix of 4 CVEs
Details
  • CVE-2025-12495 CVE-2025-12839 CVE-2025-12840: fix heap buffer overflows in the C core decoding pipeline (missing nread validation in exr_read_chunk, missing packed/unpacked size check for uncompressed tiles, missing storage_mode guard in chunk offset computation)
  • CVE-2025-64181: fix use of uninitialized memory caused by incompletely populated scratch buffers (addressed by the same precondition guards in chunk.c and parse_header.c)
References

Affected packages

TuxCare:AlmaLinux:9.6 / openexr

Package

Name
openexr
Purl
pkg:rpm/tuxcare/openexr?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.1-3.el9.tuxcare.els2

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1775211239.json"

TuxCare:AlmaLinux:9.6 / openexr-devel

Package

Name
openexr-devel
Purl
pkg:rpm/tuxcare/openexr-devel?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.1-3.el9.tuxcare.els2

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1775211239.json"

TuxCare:AlmaLinux:9.6 / openexr-libs

Package

Name
openexr-libs
Purl
pkg:rpm/tuxcare/openexr-libs?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.1-3.el9.tuxcare.els2

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1775211239.json"