OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1481 advisory.

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are     accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts,     total_sizes[ptr] wraps modulo 2^32.  overall_sample_count is then derived from wrapped totals and used in     samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample     counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized     composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6. (CVE-2026-27622)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-45845d11c3 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4656ccedf8 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f958585e24 advisory.

    Update to openexr-3.4.6 resp 3.3.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of the OpenEXR Python package installed on the remote host is 2.3.x or 3.x prior to 3.2.6, 3.3.x prior to 3.3.8, or 3.4.x prior to 3.4.6. It is, therefore, affected by a heap buffer overflow vulnerability:

  - In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in a vector of unsigned int values     for attacker-controlled large counts across many parts. The totals wrap modulo 2^32, causing an undersized     composite sample buffer allocation. Subsequent decode operations overrun this buffer. (CVE-2026-27622)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are     accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts,     total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in     samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample     counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized     composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6. (CVE-2026-27622)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
304296	Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1481)	Nessus	Amazon Linux Local Security Checks	high
302755	Fedora 42 : mingw-openexr (2026-45845d11c3)	Nessus	Fedora Local Security Checks	high
302531	Fedora 44 : mingw-openexr (2026-4656ccedf8)	Nessus	Fedora Local Security Checks	high
302528	Fedora 43 : mingw-openexr (2026-f958585e24)	Nessus	Fedora Local Security Checks	high
301138	Python Library OpenEXR 2.3.x / 3.x < 3.2.6 / 3.3.x < 3.3.8 / 3.4.x < 3.4.6 Heap Buffer Overflow	Nessus	Misc.	high
301040	Linux Distros Unpatched Vulnerability : CVE-2026-27622	Nessus	Misc.	high

Detections

Analytics

CVE-2026-27622

high

Tenable Plugins

high

high

high

high

high

high