Skip to main content

Red Hat CVE-2026-34378

| EUVDEUVD-2026-19303 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-04-06 GitHub_M
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
3.4.9
EUVD ID Assigned
Apr 06, 2026 - 15:30 euvd
EUVD-2026-19303
Analysis Generated
Apr 06, 2026 - 15:30 vuln.today
CVE Published
Apr 06, 2026 - 15:19 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overflow in generic_unpack(). By setting dataWindow.min.x to a large negative value, OpenEXRCore computes an enormous image width, which is later used in a signed integer multiplication that overflows, causing the process to terminate with SIGILL via UBSan. This vulnerability is fixed in 3.4.9.

AnalysisAI

Integer overflow in OpenEXR 3.4.0-3.4.8 allows remote attackers to crash applications processing malicious EXR files via a negative dataWindow.min.x value in the file header, triggering a signed integer overflow in generic_unpack() that causes process termination with SIGILL. The vulnerability requires user interaction (opening a crafted file) and affects availability only, with no confirmed active exploitation at time of analysis.

Technical ContextAI

OpenEXR is a widely-used image format library in visual effects and motion picture production, providing both specification and reference implementation via OpenEXRCore. The vulnerability stems from a missing bounds check on the dataWindow attribute-specifically the minimum x-coordinate-in the EXR file header parsing logic. When an attacker supplies a large negative value for dataWindow.min.x, OpenEXRCore computes an image width that wraps around during signed integer arithmetic, resulting in an enormous computed width. This malformed width is subsequently used in a signed integer multiplication operation within generic_unpack(), causing integer overflow behavior. Modern C++ compilers with undefined behavior sanitization (UBSan) detect this overflow and terminate the process with SIGILL (illegal instruction signal), creating a denial-of-service condition. The root cause is classified as CWE-190 (Integer Overflow or Wraparound).

RemediationAI

Vendor-released patch: OpenEXR 3.4.9 and later. Users of OpenEXR 3.4.0-3.4.8 should upgrade to version 3.4.9 or newer immediately. For environments unable to upgrade immediately, implement input validation to reject EXR files with dataWindow.min.x values that are excessively negative or otherwise suspicious; however, patching remains the authoritative fix. Detailed remediation guidance is available in the official GitHub security advisory at https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4g.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-34378 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy