OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to a large negative value, OpenEXRCore computes an enormous image width, which is later used in a signed integer multiplication that overflows, causing the process to terminate with SIGILL via UBSan. This vulnerability is fixed in 3.4.9.
{
"sources": [
{
"html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34378",
"modified": "2026-06-17T10:38:58.603Z",
"published": "2026-04-06T16:16:35.057Z",
"url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-34378",
"imported": "2026-07-17T21:13:59.841Z",
"id": "CVE-2026-34378",
"database_specific": {
"status": "Analyzed"
}
}
],
"license": "CC-BY-4.0"
}