OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-45845d11c3 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4656ccedf8 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f958585e24 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of the OpenEXR Python package installed on the remote host is 3.3.x prior to 3.3.7 or 3.4.x prior to 3.4.5. It is, therefore, affected by a heap buffer overflow vulnerability:

  - A heap-buffer-overflow (out-of-bounds read) occurs in the istream_nonparallel_read function in     ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. A signed integer     subtraction produces a negative value that is implicitly converted to size_t, resulting in a massive     length being passed to memcpy. (CVE-2026-26981)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-     buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when     parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a     negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to     `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch. (CVE-2026-26981)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
302755	Fedora 42 : mingw-openexr (2026-45845d11c3)	Nessus	Fedora Local Security Checks	high
302531	Fedora 44 : mingw-openexr (2026-4656ccedf8)	Nessus	Fedora Local Security Checks	high
302528	Fedora 43 : mingw-openexr (2026-f958585e24)	Nessus	Fedora Local Security Checks	high
301139	Python Library OpenEXR 3.3.x < 3.3.7 / 3.4.x < 3.4.5 Heap Buffer Overflow (OOB Read)	Nessus	Misc.	medium
299904	Linux Distros Unpatched Vulnerability : CVE-2026-26981	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-26981

medium

Tenable Plugins

high

high

high

medium

medium