{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34379", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-27T13:43:14.370Z", "datePublished": "2026-04-06T15:21:06.556Z", "dateUpdated": "2026-04-07T03:07:14.371Z"}, "containers": {"cna": {"title": "OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)", "problemTypes": [{"descriptions": [{"cweId": "CWE-704", "lang": "en", "description": "CWE-704: Incorrect Type Conversion or Cast", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-843", "lang": "en", "description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24"}, {"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"}, {"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9", "tags": ["x_refsource_MISC"], "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"}, {"name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9", "tags": ["x_refsource_MISC"], "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"}], "affected": [{"vendor": "AcademySoftwareFoundation", "product": "openexr", "versions": [{"version": ">= 3.2.0, < 3.2.7", "status": "affected"}, {"version": ">= 3.3.0, < 3.3.9", "status": "affected"}, {"version": ">= 3.4.0, < 3.4.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T03:07:14.371Z"}, "descriptions": [{"lang": "en", "value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF\u2192FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."}], "source": {"advisory": "GHSA-w88v-vqhq-5p24", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T18:38:21.966448Z", "id": "CVE-2026-34379", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T18:38:32.682Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34379", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T18:38:21.966448Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T18:38:28.187Z"}}], "cna": {"title": "OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)", "source": {"advisory": "GHSA-w88v-vqhq-5p24", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "AcademySoftwareFoundation", "product": "openexr", "versions": [{"status": "affected", "version": ">= 3.2.0, < 3.2.7"}, {"status": "affected", "version": ">= 3.3.0, < 3.3.9"}, {"status": "affected", "version": ">= 3.4.0, < 3.4.9"}]}], "references": [{"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24", "name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7", "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9", "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9", "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF\u2192FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-704", "description": "CWE-704: Incorrect Type Conversion or Cast"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T03:07:14.371Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34379", "state": "PUBLISHED", "dateUpdated": "2026-04-07T03:07:14.371Z", "dateReserved": "2026-03-27T13:43:14.370Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-06T15:21:06.556Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E7AA082-2647-4AAD-9902-1E3873882A3D", "versionEndExcluding": "3.2.7", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8321A2E-759A-4B1E-9AAF-0204791F4323", "versionEndExcluding": "3.3.9", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F2D271-636B-4E9E-A04B-40E635A59117", "versionEndExcluding": "3.4.9", "versionStartIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF\u2192FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."}], "id": "CVE-2026-34379", "lastModified": "2026-04-07T19:04:50.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-06T16:16:35.233", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-704"}, {"lang": "en", "value": "CWE-787"}, {"lang": "en", "value": "CWE-843"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "OpenEXR: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding", "id": "2455402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455402"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-475", "details": ["A flaw was found in OpenEXR, an image storage format library for the motion picture industry. A remote attacker could exploit this vulnerability by providing a specially crafted DWA or DWAB-compressed EXR file containing a FLOAT-type channel. When the file is decoded, a misaligned memory write occurs during a half-precision to single-precision floating-point (HALF\u2192FLOAT) conversion. This can lead to a denial of service (DoS) by crashing the application on systems with strict memory alignment enforcement, such as ARM and RISC-V architectures."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-34379", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "OpenEXR", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-06T15:21:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34379\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34379\nhttps://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.2.0,3.2.7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.3.0,3.3.9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.4.0,3.4.9)"}}], "enrichment": {"confidence": 82.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 82.0, "source": "matching"}]}, "original": {"product": "openexr", "source": "cna", "vendor": "AcademySoftwareFoundation"}, "product": "openexr", "vendor": "academysoftwarefoundation"}], "analysis": {"en": {"generated_at": "2026-04-07T21:41:32.962149+00:00", "value": {"mitigation_remediation": ["Upgrade OpenEXR to version 3.2.7, 3.3.9, or 3.4.9 or later", "Recompile or rebuild dependent applications to link against the updated library", "Until the upgrade can be applied, avoid processing DWA or DWAB compressed EXR files that contain FLOAT channels or switch to an alternative image format"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Any software that bundles the Academy Software Foundation\u2019s OpenEXR library versions 3.2.0 to 3.2.6, 3.3.0 to 3.3.8 and 3.4.0 to 3.4.8, and that processes DWA or DWAB compressed images with FLOAT\u2011type channels, is vulnerable. This includes the open source binaries supplied by the foundation as well as third\u2011party applications that embed the library. The vulnerability is fixed in releases 3.2.7, 3.3.9 and 3.4.9.", "description_and_impact": "OpenEXR interprets DWA or DWAB compressed EXR files as part of the reference implementation for the motion\u2011picture industry's image format. In versions 3.2.0 through 3.2.6, 3.3.8 and 3.4.8 the function that decodes these compressed channels performs an in\u2011place conversion from HALF to FLOAT. The code incorrectly casts an unaligned 8\u2011byte pointer to a floating\u2011point reference and writes through it. This misaligned memory write triggers undefined behavior according to the C standard. On architectures that enforce 4\u2011byte alignment, the failure manifests as a crash; on x86 the operation is tolerated but may still be exploited by compiler optimizations that assume aligned access, potentially corrupting data or causing a denial of service.", "risk_and_exploitability": "The CVSS scoring indicates a high severity (7.1). However, the EPSS score is below 1\u00a0%, suggesting that active exploitation is unlikely at present. The vulnerability does not appear in CISA\u2019s KEV list, implying no publicly known active exploits. Attackers would need to supply a crafted EXR file that the vulnerable decoder processes. On aligned\u2011enforcing processors the outcome is a predictable crash, giving the system an immediate denial of service. On processors that tolerate alignment, the risk depends on whether compiler optimizations lead to corruption or uncontrolled execution, which is less certain. In either case, the impact is confined to the application's runtime and does not provide remote code execution to external attackers."}}}}, "created": "2026-04-06T20:14:07.686469+00:00", "updated": "2026-04-08T19:50:46.369543+00:00", "vendors": ["academysoftwarefoundation", "academysoftwarefoundation$PRODUCT$openexr"]}