CVE-2026-26981

Source
https://cve.org/CVERecord?id=CVE-2026-26981
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26981.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-26981
Aliases
Downstream
Related
Published
2026-02-24T02:26:16.659Z
Modified
2026-04-10T05:37:02.306745Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
Details

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap buffer overflow (out-of-bounds read) occurs in the istream_nonparallel_read function in ImfContextInit.cpp when a malformed EXR file is parsed through a memory-mapped IStream. A signed integer subtraction produces a negative value that is implicitly converted to size_t, so a very large length is passed to memcpy. Versions 3.3.7 and 3.4.5 contain a patch.

Database specific
{
    "cwe_ids": [
        "CWE-195"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26981.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/academysoftwarefoundation/openexr

Affected ranges

Type
GIT
Repo
https://github.com/academysoftwarefoundation/openexr
Events
Database specific
{
    "versions": [
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.7"
        }
    ]
}
Type
GIT
Repo
https://github.com/academysoftwarefoundation/openexr
Events
Database specific
{
    "versions": [
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.5"
        }
    ]
}

Affected versions

v3.*
v3.3.0
v3.3.0-rc2
v3.3.1
v3.3.1-rc
v3.3.2
v3.3.2-rc
v3.3.2-rc2
v3.3.2-rc3
v3.3.2-rc4
v3.3.3
v3.3.3-rc
v3.3.3-rc1
v3.3.4
v3.3.4-rc
v3.3.5
v3.3.5-rc
v3.3.5-rc3
v3.3.6
v3.3.6-rc
v3.3.6-rc2
v3.3.6-rc3
v3.3.6-rc4
v3.3.7-rc
v3.3.7-rc2
v3.3.7-rc3
v3.4.0
v3.4.1
v3.4.1-rc
v3.4.1-rc2
v3.4.2
v3.4.2-rc
v3.4.2-rc2
v3.4.3
v3.4.3-rc
v3.4.3-rc2
v3.4.3-rc3
v3.4.4
v3.4.4-rc
v3.4.4-rc2
v3.4.5-rc

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26981.json"

Git / github.com/openexr/openexr

Affected ranges

Type
GIT
Repo
https://github.com/openexr/openexr
Events
Database specific
{
    "versions": [
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.7"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.5"
        }
    ]
}

Affected versions

v3.*
v3.3.0
v3.3.0-rc2
v3.3.1
v3.3.1-rc
v3.3.2
v3.3.2-rc
v3.3.2-rc2
v3.3.2-rc3
v3.3.2-rc4
v3.3.3
v3.3.3-rc
v3.3.3-rc1
v3.3.4
v3.3.4-rc
v3.3.5
v3.3.5-rc
v3.3.5-rc3
v3.3.6
v3.3.6-rc
v3.3.6-rc2
v3.3.6-rc3
v3.3.6-rc4
v3.3.7-rc
v3.3.7-rc2
v3.3.7-rc3
v3.4.0
v3.4.1
v3.4.1-rc
v3.4.1-rc2
v3.4.2
v3.4.2-rc
v3.4.2-rc2
v3.4.3
v3.4.3-rc
v3.4.3-rc2
v3.4.3-rc3
v3.4.4
v3.4.4-rc
v3.4.4-rc2
v3.4.5-rc

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26981.json"