OESA-2026-1688

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1688
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1688.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-1688
Upstream
Published
2026-03-20T14:25:30Z
Modified
2026-03-20T14:32:01.277336Z
Summary
OpenEXR security update
Details

OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications.

Security Fix(es):

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> totalsizes for attacker-controlled large counts across many parts, totalsizes[ptr] wraps modulo 2^32. overallsamplecount is then derived from wrapped totals and used in samples[channel].resize(overallsamplecount). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (genericunpackdeep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.(CVE-2026-27622)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP2 / OpenEXR

Package

Name
OpenEXR
Purl
pkg:rpm/openEuler/OpenEXR&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.11-5.oe2403sp2

Ecosystem specific 

{
    "aarch64": [
        "OpenEXR-3.1.11-5.oe2403sp2.aarch64.rpm",
        "OpenEXR-debuginfo-3.1.11-5.oe2403sp2.aarch64.rpm",
        "OpenEXR-debugsource-3.1.11-5.oe2403sp2.aarch64.rpm",
        "OpenEXR-devel-3.1.11-5.oe2403sp2.aarch64.rpm",
        "OpenEXR-libs-3.1.11-5.oe2403sp2.aarch64.rpm"
    ],
    "x86_64": [
        "OpenEXR-3.1.11-5.oe2403sp2.x86_64.rpm",
        "OpenEXR-debuginfo-3.1.11-5.oe2403sp2.x86_64.rpm",
        "OpenEXR-debugsource-3.1.11-5.oe2403sp2.x86_64.rpm",
        "OpenEXR-devel-3.1.11-5.oe2403sp2.x86_64.rpm",
        "OpenEXR-libs-3.1.11-5.oe2403sp2.x86_64.rpm"
    ],
    "src": [
        "OpenEXR-3.1.11-5.oe2403sp2.src.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1688.json"