Vulnerability Details CVE-2026-26981
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.5%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-26981
-
cpe:2.3:a:openexr:openexr:3.3.0
-
cpe:2.3:a:openexr:openexr:3.3.1
-
cpe:2.3:a:openexr:openexr:3.3.2
-
cpe:2.3:a:openexr:openexr:3.3.3
-
cpe:2.3:a:openexr:openexr:3.3.4
-
cpe:2.3:a:openexr:openexr:3.3.5
-
cpe:2.3:a:openexr:openexr:3.3.6
-
cpe:2.3:a:openexr:openexr:3.4.0
-
cpe:2.3:a:openexr:openexr:3.4.1
-
cpe:2.3:a:openexr:openexr:3.4.2
-
cpe:2.3:a:openexr:openexr:3.4.3
-
cpe:2.3:a:openexr:openexr:3.4.4