CVE-2026-42217
Published:May 07, 2026
Updated:May 16, 2026
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code executes a left shift by 70 on a 64-bit value, which is undefined behavior. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.
Affected Packages
openexr (CONAN):
Affected version(s) >=3.3.0 <3.3.11Fix Suggestion:
Update to version 3.3.11openexr (CONAN):
Affected version(s) >=3.1.4 <3.2.9Fix Suggestion:
Update to version 3.2.9openexr (CONAN):
Affected version(s) >=3.4.2 <3.4.11Fix Suggestion:
Update to version 3.4.11https://github.com/AcademySoftwareFoundation/openexr.git (GITHUB):
Affected version(s) >=v3.4.0 <v3.4.11Fix Suggestion:
Update to version v3.4.11https://github.com/AcademySoftwareFoundation/openexr.git (GITHUB):
Affected version(s) >=v3.3.0 <v3.3.11Fix Suggestion:
Update to version v3.3.11https://github.com/AcademySoftwareFoundation/openexr.git (GITHUB):
Affected version(s) >=v3.0.1-beta <v3.2.9Fix Suggestion:
Update to version v3.2.9Related Resources (3)
Do you need more information?
Contact UsCVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Integer Overflow or Wraparound
EPSS
Base Score:
0.05