OSV-2026-653
See a problem?- Import Source
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2026-653.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/OSV-2026-653
- Published
- 2026-04-30T00:13:25.604536Z
- Modified
- 2026-04-30T00:13:25.604829Z
- Summary
- Heap-buffer-overflow in generic_unpack
- Details
-
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=507413960
Crash type: Heap-buffer-overflow READ 2 Crash state: generic_unpack exr_decoding_run Imf_4_0::checkCoreFile - References
Affected packages
OSS-Fuzz / openexr
Package
- Name
- openexr
- Purl
- pkg:generic/openexr
Affected ranges
- Type
- GIT
- Repo
- https://github.com/AcademySoftwareFoundation/openexr
- Events
-
IntroducedFixedIntroduced
Affected versions
v3.*
v3.3.10
v3.3.10-rc
v3.3.10-rc2
v3.3.11
v3.3.11-rc3
v3.3.4
v3.3.4-rc
v3.3.5
v3.3.5-rc
v3.3.5-rc3
v3.3.6
v3.3.6-rc
v3.3.6-rc2
v3.3.6-rc3
v3.3.6-rc4
v3.3.7
v3.3.7-rc
v3.3.7-rc2
v3.3.7-rc3
v3.3.7-rc4
v3.3.8
v3.3.8-rc
v3.3.9
v3.3.9-rc
v3.3.9-rc2
v3.4-alpha
v3.4.0
v3.4.0-rc
v3.4.1
v3.4.1-rc
v3.4.1-rc2
v3.4.10
v3.4.10-rc
v3.4.11
v3.4.11-rc
v3.4.11-rc2
v3.4.11-rc3
v3.4.2
v3.4.2-rc
v3.4.2-rc2
v3.4.3
v3.4.3-rc
v3.4.3-rc2
v3.4.3-rc3
v3.4.4
v3.4.4-rc
v3.4.4-rc2
v3.4.5
v3.4.5-rc
v3.4.6
v3.4.6-rc
v3.4.7
v3.4.7-rc
v3.4.8
v3.4.8-rc
v3.4.9
v3.4.9-rc