Integer overflow in OpenEXR - CVE-2026-54920


Published: June 23, 2026
Vulnerability identifier: #VU135035
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-54920
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenEXR
Affected software:
OpenEXR

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an integer overflow in the OpenEXRUtil library, in Image::resize() and Image::clearLevels(), when crafted Imath::Box2i data window coordinates are passed through the public API. A remote attacker can supply crafted coordinate values that trigger exception cleanup and an invalid delete of uninitialized ImageLevel pointers, causing a denial of service.

The issue is confirmed to crash the process through an invalid delete of uninitialized pointer entries during exception cleanup; remote code execution was not confirmed.
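As an added defensive example (not OpenEXR's own code), this is the kind of pre-allocation check that rejects a data window whose width, height or byte count would overflow before any level is allocated, so no half-built level is left for exception cleanup to delete; Box2i and Dims here are simplified stand-ins for the Imath and OpenEXRUtil types.

```cpp
#include <cstdint>
#include <limits>

// Simplified stand-in for Imath::Box2i (an assumption for this example,
// not OpenEXR's own type): inclusive min/max corners of a data window.
struct Box2i {
    int32_t minX, minY, maxX, maxY;
};

struct Dims {
    int64_t  width;
    int64_t  height;
    uint64_t bytes;   // total allocation size for one level
};

// Validate a data window before any allocation happens. Returns false (and
// leaves `out` untouched) for any window whose width/height computation
// would overflow 32-bit arithmetic or whose byte count does not fit 64 bits.
static bool checkedDataWindowDims(const Box2i& dw, uint64_t bytesPerPixel,
                                  Dims& out) {
    // Inverted windows give zero or negative extents; reject them outright.
    if (dw.maxX < dw.minX || dw.maxY < dw.minY) return false;

    // Do the subtraction in 64-bit so that maxX - minX + 1 cannot wrap
    // (e.g. INT32_MAX - INT32_MIN + 1 does not fit an int32_t).
    const int64_t w = static_cast<int64_t>(dw.maxX) - dw.minX + 1;
    const int64_t h = static_cast<int64_t>(dw.maxY) - dw.minY + 1;
    if (w > std::numeric_limits<int32_t>::max() ||
        h > std::numeric_limits<int32_t>::max()) return false;

    // Guard the pixel-count and byte-count multiplications by division
    // checks rather than trusting plain `*` on attacker-chosen values.
    const uint64_t kMax = std::numeric_limits<uint64_t>::max();
    const uint64_t uw = static_cast<uint64_t>(w);
    const uint64_t uh = static_cast<uint64_t>(h);
    if (uh != 0 && uw > kMax / uh) return false;
    const uint64_t pixels = uw * uh;
    if (bytesPerPixel != 0 && pixels > kMax / bytesPerPixel) return false;

    // Only a fully validated window reaches the caller's allocation path.
    out.width  = w;
    out.height = h;
    out.bytes  = pixels * bytesPerPixel;
    return true;
}
```

A resize routine that calls this check first and allocates second never has to unwind a partially constructed level set for a malformed window.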
How to mitigate CVE-2026-54920

Install the security update from the vendor's website.
