DEV Community

CVE Reports

Originally published at cvereports.com

CVE-2026-34544: Signed Integer Overflow and Out-of-Bounds Write in OpenEXRCore B44/B44A Compression

Vulnerability ID: CVE-2026-34544
CVSS Score: 8.4
Published: 2026-04-03

A high-severity signed integer overflow in the OpenEXR library's B44 and B44A compression modules allows out-of-bounds memory writes. The flaw can be triggered while encoding or decoding a maliciously crafted EXR file, potentially resulting in denial of service or arbitrary code execution.

TL;DR

OpenEXR versions 3.4.0 through 3.4.7 suffer from an integer overflow in internal_b44.c that leads to an out-of-bounds write during B44/B44A image compression handling. Upgrading to version 3.4.8 resolves the issue by performing the memory offset calculations in 64-bit arithmetic.


Technical Details

  • CWE ID: CWE-190
  • Attack Vector: Local / User Interaction Required
  • CVSS v4.0: 8.4
  • EPSS Score: 0.00013
  • Impact: Denial of Service / Potential Remote Code Execution
  • Exploit Status: None
  • CISA KEV: Not Listed

Affected Systems

  • Applications dynamically linking OpenEXR versions 3.4.0 to 3.4.7.
  • Services statically compiled with OpenEXRCore versions 3.4.0 to 3.4.7.
  • Automated image processing and rendering pipelines processing user-submitted EXR files.
  • OpenEXR: >= 3.4.0, < 3.4.8 (Fixed in: 3.4.8)

Code Analysis

Commit: 35e7aa3

Fix integer overflow in internal_b44.c during memory offset calculations

/* Corrected calculation */
+ uint64_t row_off = (uint64_t)(y) * (uint64_t)(nx);
+ row0 = (uint16_t*) scratch + row_off;
- row0 += y * nx;
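Review bot: widening the product to uint64_t removes the 32-bit wrap in `y * nx`, but `(uint64_t)(y)` applied to a negative signed value (the advisory is about a signed overflow) silently yields an offset near 2^64, and nothing in these three lines checks that `y` and `nx` are non-negative or that `row_off` is below the element count of `scratch`, so the TL;DR's "bounds calculations" wording overstates what the hunk itself does. Suggest rejecting `y < 0 || nx < 0` before the multiply and comparing `row_off` against the scratch buffer's element count (a size the hunk does not show) ahead of `row0 = (uint16_t*) scratch + row_off;`. Two smaller points: the change turns `row0 += ...` into an assignment from `scratch`, which is only equivalent if `row0` pointed at `scratch` beforehand, and the `-` line appearing after the `+` lines looks like extraction reordering rather than the commit's layout, so both are worth confirming against commit 35e7aa3.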

Mitigation Strategies

  • Upgrade to OpenEXR version 3.4.8 or later.
  • Implement application-level bounds checking on image dimensions before invoking the OpenEXR decoder.
  • Execute automated image processing pipelines in isolated or containerized environments.
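As an added illustration of the application-level bounds checking recommended above (example code, not OpenEXR's own), these C helpers show the 32-bit wrap behind a `y * nx` row offset next to a hardened computation that rejects negative inputs, checks the 64-bit product for overflow, and validates the result against the buffer it indexes, plus a pre-decode dimension check. Function names, the scratch buffer size and the byte limit are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical helpers, not OpenEXR's code. The advisory's bug is a row
 * offset y * nx evaluated in 32-bit signed arithmetic before being added
 * to a scratch pointer. */

/* Reproduces the wrap at 32-bit width (unsigned so the wrap is defined). */
int32_t narrow_row_offset(int32_t y, int32_t nx)
{
    return (int32_t)((uint32_t)y * (uint32_t)nx);
}

/* Hardened offset: rejects negatives (a uint64_t cast would turn them into
 * huge offsets), checks the 64-bit product for overflow, and requires the
 * row start to lie inside a buffer of scratch_elems elements. */
bool safe_row_offset(int64_t y, int64_t nx, uint64_t scratch_elems, uint64_t *off)
{
    if (y < 0 || nx < 0)
        return false;
    uint64_t uy = (uint64_t)y, unx = (uint64_t)nx;
    if (unx != 0 && uy > UINT64_MAX / unx)   /* uy * unx would overflow */
        return false;
    uint64_t prod = uy * unx;
    if (prod >= scratch_elems)               /* row start must be in bounds */
        return false;
    *off = prod;
    return true;
}

/* Application-level pre-decode check: width * height * channels * 2 bytes
 * (16-bit samples) must fit in max_bytes, every product overflow-checked. */
bool dims_within_limit(uint32_t width, uint32_t height, uint32_t channels,
                       uint64_t max_bytes)
{
    uint64_t px = (uint64_t)width * height;  /* 32x32 bits cannot overflow */
    if (channels != 0 && px > UINT64_MAX / channels)
        return false;
    uint64_t samples = px * channels;
    if (samples > UINT64_MAX / 2)
        return false;
    return samples * 2 <= max_bytes;
}
int main(void)
{
    uint64_t off = 0;  /* constructed input: 65536 * 32768 = 2^31 wraps at 32 bits */
    printf("narrow=%d safe=%d off=%llu\n", narrow_row_offset(65536, 32768),
           safe_row_offset(65536, 32768, 1ull << 40, &off), (unsigned long long)off);
    return 0;
}
```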

Remediation Steps:

  1. Identify all systems and dependencies utilizing OpenEXRCore versions 3.4.0 through 3.4.7.
  2. Update package configurations to enforce a minimum version of OpenEXR 3.4.8.
  3. Recompile applications linking statically against OpenEXR.
  4. Test decoding pipelines to ensure EXR files parse correctly post-update.

Read the full report for CVE-2026-34544 on our website for more details including interactive diagrams and full exploit analysis.
