JLSEC-2026-146

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-146.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-146.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-146

Upstream

CVE-2026-34544

Published

2026-04-17T15:19:54.657Z

Modified

2026-04-17T15:31:32.039025Z

Summary

[none]

Details

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exrdecodingrun(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.

Database specific

{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-34544",
            "database_specific": {
                "status": "Analyzed"
            },
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34544",
            "modified": "2026-04-07T20:13:31.237Z",
            "id": "CVE-2026-34544",
            "imported": "2026-04-17T13:59:24.564Z",
            "published": "2026-04-01T21:17:01.480Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / OpenEXR_jll

Package

Name: OpenEXR_jll
Purl: pkg:julia/OpenEXR_jll?uuid=18a262bb-aa17-5467-a713-aee519bc75cb

Affected ranges

Type: SEMVER
Events: Introduced

3.1.4+0

Fixed

3.4.8+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-146.json"