OSV-2026-605
See a problem?- Import Source
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2026-605.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/OSV-2026-605
- Published
- 2026-04-21T00:16:42.288653Z
- Modified
- 2026-04-30T14:32:28.224899Z
- Summary
- Heap-buffer-overflow in DwaCompressor_uncompress
- Details
-
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155
Crash type: Heap-buffer-overflow WRITE {*} Crash state: DwaCompressor_uncompress internal_exr_undo_dwaa exr_uncompress_chunk - References
Affected packages
OSS-Fuzz / openexr
Package
- Name
- openexr
- Purl
- pkg:generic/openexr
Affected versions
v3.*
v3.3.10
v3.3.10-rc
v3.3.10-rc2
v3.3.11
v3.3.11-rc3
v3.3.4
v3.3.4-rc
v3.3.5
v3.3.5-rc
v3.3.5-rc3
v3.3.6
v3.3.6-rc
v3.3.6-rc2
v3.3.6-rc3
v3.3.6-rc4
v3.3.7
v3.3.7-rc
v3.3.7-rc2
v3.3.7-rc3
v3.3.7-rc4
v3.3.8
v3.3.8-rc
v3.3.9
v3.3.9-rc
v3.3.9-rc2
v3.4-alpha
v3.4.0
v3.4.0-rc
v3.4.1
v3.4.1-rc
v3.4.1-rc2
v3.4.10
v3.4.10-rc
v3.4.11-rc
v3.4.11-rc2
v3.4.2
v3.4.2-rc
v3.4.2-rc2
v3.4.3
v3.4.3-rc
v3.4.3-rc2
v3.4.3-rc3
v3.4.4
v3.4.4-rc
v3.4.4-rc2
v3.4.5
v3.4.5-rc
v3.4.6
v3.4.6-rc
v3.4.7
v3.4.7-rc
v3.4.8
v3.4.8-rc
v3.4.9
v3.4.9-rc