The openexr library versions 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9 contain a signed integer overflow in the undo_pxr24_impl() function within src/lib/OpenEXRCore/internal_pxr24.c. The vulnerability arises because the expression (uint64_t)(w * 3) performs the multiplication as a signed 32-bit integer before casting, which can overflow and wrap around. This incorrect calculation can cause a bounds check to pass erroneously, allowing the decoding loop to write pixel data beyond the allocated buffer, potentially corrupting memory. The issue is fixed in versions 3.2.7, 3.3.9, and 3.4.9.

Successful exploitation can lead to out-of-bounds memory writes during image decoding, which may cause memory corruption and potentially crash the application or affect its availability. The CVSS vector indicates no confidentiality impact, low integrity impact, and high availability impact. There is no evidence of known exploits in the wild.

Fixed versions 3.2.7, 3.3.9, and 3.4.9 address this vulnerability. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly confirmed in the advisory metadata, but the presence of fixed versions indicates an official fix is available. No other mitigation or temporary workaround is provided.