SUSE Package Hub - SUSE-PackageHub-16.0-617

Update Info

SUSE-PackageHub-16.0-617

Security update for openexr

Type: security

Severity: important

Issued: 2026-04-22

Description:

This update for openexr fixes the following issues:

- CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service (bsc#1261621).
- CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding (bsc#1261622).
- CVE-2026-34588: crafted EXR file can lead to out of bound read and write (bsc#1261624).
- CVE-2026-34589: crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634).

References

CVE: CVE-2026-34589
CVE: CVE-2026-34588
CVE: CVE-2026-34380
CVE: CVE-2026-34379
Bugzilla: 1261634 VUL-0: CVE-2026-34589: openexr: crafted scanline DWAA file can lead to arbitrary code execution or denial of service
Bugzilla: 1261624 VUL-0: CVE-2026-34588: openexr: crafted EXR file can lead to out of bound read and write
Bugzilla: 1261622 VUL-0: CVE-2026-34380: openexr: lack of proper check can lead to integer overflow in image decoding
Bugzilla: 1261621 VUL-0: CVE-2026-34379: openexr: misaligned memory write during file decoding can cause a denial of service

Packages

openexr-3.2.2-160000.6.1