CVE-2026-27622
Publication date 3 March 2026
Last updated 13 May 2026
Ubuntu priority
Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes; for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from the wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup and consumption proceed with the true sample counts, so the write operations in the core unpack routine (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
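As an added illustration (not OpenEXR's own code), the following models the accumulation pattern the description refers to next to a widened, checked accumulation that refuses to size a buffer from a total that has wrapped; function names and the per-part sample counts are constructed for this example.

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>

// One per-pixel sample count per deep part (constructed sample data below).
using PartCounts = std::vector<unsigned int>;

// Mirrors the vulnerable accumulation: the running total is an unsigned int,
// so the sum of large counts across many parts wraps modulo 2^32 and a
// buffer resized from it is far smaller than the data later written into it.
unsigned int naive_total(const std::vector<PartCounts>& parts, std::size_t pixel) {
    unsigned int total = 0;
    for (const PartCounts& part : parts) {
        total += part[pixel]; // silent wrap-around on overflow
    }
    return total;
}

// Hardened accumulation: widen to 64 bits and reject any total above a
// caller-supplied cap. Returns false on overflow instead of a small total,
// so the caller can fail the read rather than allocate an undersized buffer.
bool checked_total(const std::vector<PartCounts>& parts, std::size_t pixel,
                   std::uint64_t cap, std::uint64_t& out) {
    std::uint64_t total = 0;
    for (const PartCounts& part : parts) {
        total += part[pixel]; // 64-bit: cannot wrap for fewer than 2^32 parts
        if (total > cap) return false;
    }
    out = total;
    return true;
}

// Models the sizing step: a composite buffer resized to `sized_to` samples is
// only safe if it holds the true number of samples the unpack will write.
bool buffer_fits(std::uint64_t sized_to, const std::vector<PartCounts>& parts,
                 std::size_t pixel) {
    std::uint64_t true_count = 0;
    for (const PartCounts& part : parts) true_count += part[pixel];
    return sized_to >= true_count;
}

// Constructed input: three parts whose counts for pixel 0 sum to 2^32 + 5,
// so the unsigned int total wraps to 5 while 4294967301 samples exist.
const std::vector<PartCounts> kParts = {
    {0xFFFFFFF0u}, {0x10u}, {0x5u}
};
```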
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| openexr | 26.04 LTS resolute | Fixed 3.1.13-2ubuntu0.26.04.1~esm1 |
| openexr | 25.10 questing | Vulnerable |
| openexr | 24.04 LTS noble | Fixed 3.1.5-5.1ubuntu0.1~esm1 |
| openexr | 22.04 LTS jammy | Fixed 2.5.7-1ubuntu0.1~esm2 |
| openexr | 20.04 LTS focal | Fixed 2.3.0-6ubuntu0.5+esm2 |
| openexr | 18.04 LTS bionic | Fixed 2.2.0-11.1ubuntu1.9+esm1 |
| openexr | 16.04 LTS xenial | Fixed 2.2.0-10ubuntu2.6+esm4 |
References
Related Ubuntu Security Notices (USN)
- USN-8259-1: OpenEXR vulnerabilities (7 May 2026)