SB20260522139 - openEuler 24.03 LTS SP3 update for OpenEXR

Published: May 22, 2026

Security Bulletin ID SB20260522139
CSH Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High: 1 of 3 (33%)
Medium: 2 of 3 (67%)
Low: 0, Critical: 0

Description

This security bulletin contains information about 3 vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2026-41142)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to integer overflow in ImageChannel::resize in OpenEXRUtil when parsing a crafted EXR image or using the public API with a crafted dataWindow. A remote attacker can supply crafted image dimensions that cause an undersized heap allocation and subsequent out-of-bounds write to execute arbitrary code.

User interaction is required to open or process a crafted EXR image.
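The failure mode above is a size computation that wraps before the allocation is made. The following added example (not OpenEXR's own code; the Box2i field names, the function names and the 1 GiB per-channel ceiling are assumptions) contrasts an unchecked 32-bit extent-times-extent calculation with a checked one that either returns an exact byte count or refuses the window. Unsigned 32-bit arithmetic is used in the unchecked version so that the wraparound is well defined for the demonstration.

```cpp
// Added example, not OpenEXR's own code. Box2i mirrors the shape of an EXR
// dataWindow (integer corners); the field names are an assumption.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

struct Box2i { int xMin, yMin, xMax, yMax; };

// Unchecked pattern behind CVE-2026-41142: extents and pixel count are computed
// in 32-bit arithmetic, so a crafted window wraps to a small count and the
// caller allocates far less than the pixel loop will later write.
size_t naiveChannelBytes(const Box2i& b, size_t bytesPerPixel) {
    uint32_t width  = static_cast<uint32_t>(b.xMax) - static_cast<uint32_t>(b.xMin) + 1u;
    uint32_t height = static_cast<uint32_t>(b.yMax) - static_cast<uint32_t>(b.yMin) + 1u;
    uint32_t pixels = width * height;            // wraps modulo 2^32
    return static_cast<size_t>(pixels) * bytesPerPixel;
}

// Hardened version: rejects inverted windows, computes extents in 64 bits, and
// checks both multiplications against SIZE_MAX and a caller-supplied ceiling,
// so it either returns an exact byte count or refuses the window outright.
bool checkedChannelBytes(const Box2i& b, size_t bytesPerPixel, size_t maxBytes, size_t& out) {
    if (bytesPerPixel == 0 || b.xMax < b.xMin || b.yMax < b.yMin) return false;
    // int64 holds any difference of two ints, so these cannot overflow.
    uint64_t width  = static_cast<uint64_t>(static_cast<int64_t>(b.xMax) - b.xMin) + 1;
    uint64_t height = static_cast<uint64_t>(static_cast<int64_t>(b.yMax) - b.yMin) + 1;
    const uint64_t limit = std::numeric_limits<size_t>::max();
    if (height > limit / width) return false;    // width * height would overflow
    uint64_t pixels = width * height;
    if (bytesPerPixel > limit / pixels) return false;
    uint64_t bytes = pixels * bytesPerPixel;
    if (bytes > maxBytes) return false;          // policy ceiling for one channel
    out = static_cast<size_t>(bytes);
    return true;
}

// Wrapper for callers that only want a number: 0 means "rejected", since a
// non-empty window with non-zero bytesPerPixel never needs 0 bytes.
size_t checkedBytesOrZero(const Box2i& b, size_t bytesPerPixel, size_t maxBytes) {
    size_t n = 0;
    return checkedChannelBytes(b, bytesPerPixel, maxBytes, n) ? n : 0;
}

int main() {
    const size_t ceiling = size_t(1) << 30;      // 1 GiB per channel, an assumed policy
    Box2i hd{0, 0, 1919, 1079};                  // benign 1920x1080 window
    Box2i crafted{0, 0, 65535, 65535};           // 2^32 pixels: wraps to 0 in 32 bits
    std::printf("hd      naive=%zu checked=%zu\n",
                naiveChannelBytes(hd, 4), checkedBytesOrZero(hd, 4, ceiling));
    std::printf("crafted naive=%zu checked=%zu\n",
                naiveChannelBytes(crafted, 4), checkedBytesOrZero(crafted, 4, ceiling));
    return 0;
}
```

The crafted 65536x65536 window is the instructive case: the unchecked path reports 0 bytes for four-byte pixels, which a caller would happily allocate, while the checked path refuses it. A window spanning the full int range (xMin = INT_MIN, xMax = INT_MAX) wraps the same way and is likewise refused.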


2) Out-of-bounds read (CVE-ID: CVE-2026-42216)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information or cause a denial of service.

The vulnerability exists due to out-of-bounds read in IDManifest::init() in src/lib/OpenEXR/ImfIDManifest.cpp when parsing a prefix-compressed IDManifest string list from a crafted .exr file. A remote attacker can supply a specially crafted file to disclose sensitive information or cause a denial of service.

Exploitation requires the previous string to be longer than 255 bytes so that the 2-byte prefix-length path is used, and the next string to be empty.


3) Integer overflow (CVE-ID: CVE-2026-42217)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.

The vulnerability exists due to integer overflow or wraparound in readVariableLengthInteger() in ImfIDManifest.cpp when parsing a crafted EXR file containing an idmanifest attribute. A remote attacker can supply a specially crafted EXR file to cause a denial of service and disclose sensitive information.

The corrupted return value is used as a string-list length in readStringList(), which can lead to reads beyond the end of the supplied buffer. User interaction is required to open or process the crafted EXR file.
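Both IDManifest issues (CVE-2026-42216 and CVE-2026-42217) come from the same parser path: a variable-length integer that feeds a string count, and a prefix-compressed string list whose prefix length is read as one or two bytes depending on the previous string. The following added example is not OpenEXR's own code; the wire layout (a 7-bit varint count, then per string a prefix length of one byte, or two big-endian bytes once the previous string exceeds 255 bytes, followed by a NUL-terminated suffix) is an assumption modelled on the bulletin's description, and all function names and sample buffers are constructed for the example. It shows a reader that bounds-checks every byte, refuses a varint that would wrap 64 bits, and sanity-checks the count against the bytes actually present before sizing anything from it.

```cpp
// Added example, not OpenEXR's own code. The layout is an assumption modelled
// on the bulletin: 7-bit varint count, then per string a prefix length (one
// byte, or two big-endian bytes once the previous string exceeds 255 bytes)
// and a NUL-terminated suffix. All function names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <limits>
#include <string>
#include <vector>

// 7-bit little-endian varint; the high bit of each byte means "more follows".
// Fails on truncation and on any encoding that would shift bits past 64 (the
// wraparound of CVE-2026-42217) instead of returning a wrapped value.
static bool readVarint(const unsigned char*& p, const unsigned char* end, uint64_t& out) {
    uint64_t value = 0;
    unsigned shift = 0;
    for (;;) {
        if (p >= end) return false;                                  // truncated
        if (shift > 63) return false;                                // 11th byte
        uint64_t bits = *p & 0x7F;
        if (shift > 0 && (bits >> (64 - shift)) != 0) return false;  // bits lost
        value |= bits << shift;
        if ((*p++ & 0x80) == 0) break;
        shift += 7;
    }
    out = value;
    return true;
}

// Prefix-compressed string list. Every read is checked against end, including
// the two-byte prefix length of CVE-2026-42216, and the count is checked
// against the bytes present before it is used for anything.
static bool readStringList(const unsigned char*& p, const unsigned char* end, std::vector<std::string>& out) {
    uint64_t count = 0;
    if (!readVarint(p, end, count)) return false;
    // Each entry needs at least one prefix byte and one terminator byte.
    if (count > static_cast<uint64_t>(end - p) / 2) return false;
    out.clear();
    std::string previous;
    for (uint64_t i = 0; i < count; ++i) {
        size_t prefixLength = 0;
        if (previous.size() > 255) {
            if (end - p < 2) return false;            // the bulletin's trigger
            prefixLength = (static_cast<size_t>(p[0]) << 8) | p[1];
            p += 2;
        } else {
            if (end - p < 1) return false;
            prefixLength = p[0];
            p += 1;
        }
        if (prefixLength > previous.size()) return false;   // prefix must exist
        std::string s = previous.substr(0, prefixLength);
        for (;;) {
            if (p >= end) return false;               // missing terminator
            unsigned char c = *p++;
            if (c == 0) break;
            s.push_back(static_cast<char>(c));
        }
        out.push_back(s);
        previous = s;
    }
    return true;
}

// Whole-buffer wrappers: -1 or "" signal rejection.
int64_t decodeVarintOrNeg(const std::vector<unsigned char>& buf) {
    const unsigned char* p = buf.data();
    uint64_t v = 0;
    if (!readVarint(p, p + buf.size(), v) ||
        v > static_cast<uint64_t>(std::numeric_limits<int64_t>::max())) return -1;
    return static_cast<int64_t>(v);
}
static bool parseAll(const std::vector<unsigned char>& buf, std::vector<std::string>& out) {
    const unsigned char* p = buf.data();
    return readStringList(p, p + buf.size(), out);
}
int parsedCount(const std::vector<unsigned char>& buf) {
    std::vector<std::string> out;
    return parseAll(buf, out) ? static_cast<int>(out.size()) : -1;
}
std::string parsedString(const std::vector<unsigned char>& buf, size_t index) {
    std::vector<std::string> out;
    return (parseAll(buf, out) && index < out.size()) ? out[index] : std::string();
}

// Constructed sample buffers (not taken from any real .exr file).
static void appendEntry(std::vector<unsigned char>& v, unsigned prefix, const std::string& suffix, bool twoByte) {
    if (twoByte) v.push_back(static_cast<unsigned char>(prefix >> 8));
    v.push_back(static_cast<unsigned char>(prefix & 0xFF));
    v.insert(v.end(), suffix.begin(), suffix.end());
    v.push_back(0);
}
std::vector<unsigned char> sampleValidList() {          // "alpha", "alphabet", "beta"
    std::vector<unsigned char> v = {3};
    appendEntry(v, 0, "alpha", false);
    appendEntry(v, 5, "bet", false);
    appendEntry(v, 0, "beta", false);
    return v;
}
std::vector<unsigned char> sampleLongThenEmpty() {      // 300-byte string, then ""
    std::vector<unsigned char> v = {2};
    appendEntry(v, 0, std::string(300, 'x'), false);
    appendEntry(v, 0, "", true);                        // two-byte prefix path
    return v;
}
std::vector<unsigned char> sampleTruncatedTwoBytePrefix() {
    std::vector<unsigned char> v = sampleLongThenEmpty();
    v.resize(v.size() - 2);                             // only one prefix byte remains
    return v;
}
std::vector<unsigned char> sampleOverflowingCount() {   // 10 varint bytes: needs > 64 bits
    std::vector<unsigned char> v(size_t(9), 0xFF);
    v.push_back(0x7F);
    v.push_back(0); v.push_back(0);
    return v;
}
```

Note the order of checks in readStringList: the count is rejected against the remaining buffer length before out is sized, so a wrapped or simply absurd count never drives an allocation, and the two-byte prefix path asks for its two bytes explicitly rather than assuming that a non-empty remainder means both are present. sampleTruncatedTwoBytePrefix reproduces the shape the bulletin describes (a previous string longer than 255 bytes followed by an empty entry with only one byte left) and is rejected cleanly.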


Remediation

Install the updated OpenEXR packages from the vendor's website.