SB2026052036 - Anolis OS update for OpenEXR




Published: May 20, 2026

Security Bulletin ID: SB2026052036
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Integer overflow (CVE-ID: CVE-2026-42217)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.

The vulnerability exists due to integer overflow or wraparound in readVariableLengthInteger() in ImfIDManifest.cpp when parsing a crafted EXR file containing an idmanifest attribute. A remote attacker can supply a specially crafted EXR file to cause a denial of service and disclose sensitive information.

The corrupted return value is used as a string-list length in readStringList(), which can lead to reads beyond the end of the supplied buffer. User interaction is required to open or process the crafted EXR file.
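
The two checks this bug class calls for, shown as an added example that is not OpenEXR's code and does not come from this bulletin: a variable-length integer decoder that rejects values it cannot represent, and a string-list reader that validates every decoded length against the bytes remaining. The function names, the 7-bits-per-byte encoding and the list layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration; names and wire layout are assumptions, not OpenEXR code.
 * Assumed encoding: 7 payload bits per byte, low group first, 0x80 = more. */

/* Decode one variable-length integer from [*pos, end).
 * Returns 0 on success, -1 if input ends mid-integer, -2 if the value
 * does not fit in 32 bits. *pos advances only on success. */
int read_varint_checked(const uint8_t **pos, const uint8_t *end, uint32_t *out)
{
    const uint8_t *p = *pos;
    uint64_t value = 0;              /* wider than the result, so no wrap */
    unsigned shift = 0;

    for (;;) {
        if (shift >= 35)
            return -2;               /* sixth byte: cannot fit in 32 bits */
        if (p >= end)
            return -1;
        uint8_t byte = *p++;
        value |= (uint64_t)(byte & 0x7f) << shift;
        if (value > UINT32_MAX)
            return -2;               /* reject instead of truncating */
        shift += 7;
        if (!(byte & 0x80))
            break;
    }
    *pos = p;
    *out = (uint32_t)value;
    return 0;
}

/* Assumed list layout: varint count, then per entry a varint length and
 * that many bytes. Returns the count, or -1 if any field is malformed
 * or claims more data than the buffer holds. */
long validate_string_list(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf, *end = buf + len;
    uint32_t count, n;

    if (read_varint_checked(&p, end, &count) != 0)
        return -1;
    if (count > (size_t)(end - p))   /* each entry needs >= 1 byte */
        return -1;
    for (uint32_t i = 0; i < count; i++) {
        if (read_varint_checked(&p, end, &n) != 0 || n > (size_t)(end - p))
            return -1;
        p += n;
    }
    return (long)count;
}
```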


Remediation

Install the update from the vendor's website.