Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to a large negative value, OpenEXRCore computes an enormous image width, which is later used in a signed integer multiplication that overflows, causing the process to terminate with SIGILL via UBSan. This vulnerability is fixed in 3.4.9.
AnalysisAI
Integer overflow in OpenEXR 3.4.0-3.4.8 allows remote attackers to crash applications processing malicious EXR files via a negative dataWindow.min.x value in the file header, triggering a signed integer overflow in generic_unpack() that causes process termination with SIGILL. The vulnerability requires user interaction (opening a crafted file) and affects availability only, with no confirmed active exploitation at time of analysis.
Technical ContextAI
OpenEXR is a widely-used image format library in visual effects and motion picture production, providing both specification and reference implementation via OpenEXRCore. The vulnerability stems from a missing bounds check on the dataWindow attribute-specifically the minimum x-coordinate-in the EXR file header parsing logic. When an attacker supplies a large negative value for dataWindow.min.x, OpenEXRCore computes an image width that wraps around during signed integer arithmetic, resulting in an enormous computed width. This malformed width is subsequently used in a signed integer multiplication operation within generic_unpack(), causing integer overflow behavior. Modern C++ compilers with undefined behavior sanitization (UBSan) detect this overflow and terminate the process with SIGILL (illegal instruction signal), creating a denial-of-service condition. The root cause is classified as CWE-190 (Integer Overflow or Wraparound).
RemediationAI
Vendor-released patch: OpenEXR 3.4.9 and later. Users of OpenEXR 3.4.0-3.4.8 should upgrade to version 3.4.9 or newer immediately. For environments unable to upgrade immediately, implement input validation to reject EXR files with dataWindow.min.x values that are excessively negative or otherwise suspicious; however, patching remains the authoritative fix. Detailed remediation guidance is available in the official GitHub security advisory at https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4g.
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE CaaS Platform 4.0 | Fixed |
| SUSE Enterprise Storage 6 | Fixed |
| SUSE Enterprise Storage 7 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Fixed |
| SUSE Linux Enterprise Real Time 15 SP2 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 12-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 | Fixed |
| SUSE Linux Enterprise Server 15 SP1 | Fixed |
| SUSE Linux Enterprise Server 15 SP1-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2 | Fixed |
| SUSE Linux Enterprise Server 15 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3 | Fixed |
| SUSE Linux Enterprise Server 15 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 15-LTSS | Fixed |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
| SUSE Manager Proxy 4.0 | Fixed |
| SUSE Manager Proxy 4.1 | Fixed |
| SUSE Manager Proxy 4.2 | Fixed |
| SUSE Manager Retail Branch Server 4.0 | Fixed |
| SUSE Manager Retail Branch Server 4.1 | Fixed |
| SUSE Manager Retail Branch Server 4.2 | Fixed |
| SUSE Manager Server 4.0 | Fixed |
| SUSE Manager Server 4.1 | Fixed |
| SUSE Manager Server 4.2 | Fixed |
| SUSE OpenStack Cloud 7 | Fixed |
| SUSE OpenStack Cloud 8 | Fixed |
| SUSE OpenStack Cloud 9 | Fixed |
| SUSE OpenStack Cloud Crowbar 8 | Fixed |
| SUSE OpenStack Cloud Crowbar 9 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19303