OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-542:02 advisory.

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12340 advisory.

    OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in     computer imaging applications. This package contains libraries and sample applications for handling the     format.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12341 advisory.

    OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in     computer imaging applications. This package contains libraries and sample applications for handling the     format.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12339 advisory.

    OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in     computer imaging applications. This package contains libraries and sample applications for handling the     format.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:12338 advisory.

    OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in     computer imaging applications. This package contains libraries and sample applications for handling the     format.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:8863 advisory.

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:8863 advisory.

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8863 advisory.

    [2.2.0-12.1]
    - fix CVE-2026-27622

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:8888 advisory.

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-479:01 advisory.

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8888 advisory.

    [3.1.1-3.1]
    - fix CVE-2026-27622

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8888 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8870 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8869 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:8888 advisory.

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8872 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8871 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8863 advisory.

    OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in     computer imaging applications. This package contains libraries and sample applications for handling the     format.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7682 advisory.

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7682 advisory.

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7682 advisory.

    [3.1.10-8.1]
    - fix CVE-2026-27622

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7682 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7678 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1481 advisory.

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are     accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts,     total_sizes[ptr] wraps modulo 2^32.  overall_sample_count is then derived from wrapped totals and used in     samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample     counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized     composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6. (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-45845d11c3 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4656ccedf8 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f958585e24 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of the OpenEXR Python package installed on the remote host is 2.3.x or 3.x prior to 3.2.6, 3.3.x prior to 3.3.8, or 3.4.x prior to 3.4.6. It is, therefore, affected by a heap buffer overflow vulnerability:

  - In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in a vector of unsigned int values     for attacker-controlled large counts across many parts. The totals wrap modulo 2^32, causing an undersized     composite sample buffer allocation. Subsequent decode operations overrun this buffer. (CVE-2026-27622)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are     accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts,     total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in     samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample     counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized     composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6. (CVE-2026-27622)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
311942	MiracleLinux 8 : OpenEXR-2.2.0-12.el8_10.1 (AXSA:2026-542:02)	Nessus	Miracle Linux Local Security Checks	high
311524	RHEL 8 : OpenEXR (RHSA-2026:12340)	Nessus	Red Hat Local Security Checks	high
311522	RHEL 8 : OpenEXR (RHSA-2026:12341)	Nessus	Red Hat Local Security Checks	high
311514	RHEL 8 : OpenEXR (RHSA-2026:12339)	Nessus	Red Hat Local Security Checks	high
311494	RHEL 8 : OpenEXR (RHSA-2026:12338)	Nessus	Red Hat Local Security Checks	high
311187	AlmaLinux 8 : OpenEXR (ALSA-2026:8863)	Nessus	Alma Linux Local Security Checks	high
309905	RockyLinux 8 : OpenEXR (RLSA-2026:8863)	Nessus	Rocky Linux Local Security Checks	high
309080	Oracle Linux 8 : OpenEXR (ELSA-2026-8863)	Nessus	Oracle Linux Local Security Checks	high
308149	RockyLinux 9 : openexr (RLSA-2026:8888)	Nessus	Rocky Linux Local Security Checks	high
307680	MiracleLinux 9 : openexr-3.1.1-3.el9_7.1 (AXSA:2026-479:01)	Nessus	Miracle Linux Local Security Checks	high
307587	Oracle Linux 9 : openexr (ELSA-2026-8888)	Nessus	Oracle Linux Local Security Checks	high
307583	RHEL 9 : openexr (RHSA-2026:8888)	Nessus	Red Hat Local Security Checks	high
307577	RHEL 9 : openexr (RHSA-2026:8870)	Nessus	Red Hat Local Security Checks	high
307576	RHEL 9 : openexr (RHSA-2026:8869)	Nessus	Red Hat Local Security Checks	high
307557	AlmaLinux 9 : openexr (ALSA-2026:8888)	Nessus	Alma Linux Local Security Checks	high
307545	RHEL 9 : openexr (RHSA-2026:8872)	Nessus	Red Hat Local Security Checks	high
307537	RHEL 9 : openexr (RHSA-2026:8871)	Nessus	Red Hat Local Security Checks	high
307519	RHEL 8 : OpenEXR (RHSA-2026:8863)	Nessus	Red Hat Local Security Checks	high
306758	RockyLinux 10 : openexr (RLSA-2026:7682)	Nessus	Rocky Linux Local Security Checks	high
306522	AlmaLinux 10 : openexr (ALSA-2026:7682)	Nessus	Alma Linux Local Security Checks	high
306120	Oracle Linux 10 : openexr (ELSA-2026-7682)	Nessus	Oracle Linux Local Security Checks	high
306105	RHEL 10 : openexr (RHSA-2026:7682)	Nessus	Red Hat Local Security Checks	high
306070	RHEL 10 : openexr (RHSA-2026:7678)	Nessus	Red Hat Local Security Checks	high
304296	Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1481)	Nessus	Amazon Linux Local Security Checks	high
302755	Fedora 42 : mingw-openexr (2026-45845d11c3)	Nessus	Fedora Local Security Checks	high
302531	Fedora 44 : mingw-openexr (2026-4656ccedf8)	Nessus	Fedora Local Security Checks	high
302528	Fedora 43 : mingw-openexr (2026-f958585e24)	Nessus	Fedora Local Security Checks	high
301138	Python Library OpenEXR 2.3.x / 3.x < 3.2.6 / 3.3.x < 3.3.8 / 3.4.x < 3.4.6 Heap Buffer Overflow	Nessus	Misc.	high
301040	Linux Distros Unpatched Vulnerability : CVE-2026-27622	Nessus	Misc.	high

Detections

Analytics

CVE-2026-27622

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high