OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.

The version of OpenEXR installed on the remote host is prior to 1.7.1-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3267 advisory.

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A     EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run().
    Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-     dependent). This issue has been patched in version 3.4.8. (CVE-2026-34544)

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9,     internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx,     ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then     decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-     bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
    (CVE-2026-34588)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-11097124bf advisory.

    Update to 3.4.9.

    ----

    Update to 3.4.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-502486fc61 advisory.

    Backport several OpenEXRCore security fixes

    - Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493
    - Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534
    - Fixes CVE-2026-34588 / GHSA-588r-cr5c-w6hf; closes RHBZ#2455505
    - Fixes CVE-2026-34589 / GHSA-p8xc-w3q4-h64x; closes RHBZ#2455501
    - Fixes CVE-2026-34379 / GHSA-w88v-vqhq-5p24; closes RHBZ#2455497

    ----

    Backport fix for CVE-2026-34544 in OpenEXRCore

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1561 advisory.

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A     EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run().
    Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-     dependent). This issue has been patched in version 3.4.8. (CVE-2026-34544)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-abd4c1829d advisory.

    Automatic update for usd-26.03-2.fc45.

    ##### **Changelog**

    ```
    * Mon Apr  6 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 26.03-2
    - Backport fix for CVE-2026-34544 in OpenEXRCore
    - Fixes RHBZ#2454226

    ```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage     format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A     EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run().
    Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-     dependent). This issue has been patched in version 3.4.8. (CVE-2026-34544)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
311215	Amazon Linux 2 : OpenEXR, --advisory ALAS2-2026-3267 (ALAS-2026-3267)	Nessus	Amazon Linux Local Security Checks	high
310695	Fedora 44 : mingw-openexr (2026-11097124bf)	Nessus	Fedora Local Security Checks	high
310538	Fedora 44 : usd (2026-502486fc61)	Nessus	Fedora Local Security Checks	high
306234	Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1561)	Nessus	Amazon Linux Local Security Checks	high
305080	Fedora 45 : usd (2026-abd4c1829d)	Nessus	Fedora Local Security Checks	high
304776	Linux Distros Unpatched Vulnerability : CVE-2026-34544	Nessus	Misc.	high

Detections

Analytics

CVE-2026-34544

high

Tenable Plugins

high

high

high

high

high

high