CVE-2026-42217: CWE-190: Integer Overflow or Wraparound in AcademySoftwareFoundation openexr
An integer overflow or wraparound vulnerability exists in the AcademySoftwareFoundation openexr library in the readVariableLengthInteger() function. This function decodes variable-length integers from untrusted EXR input without properly bounding the shift count, leading to undefined behavior when a left shift by 70 bits on a 64-bit value occurs. The issue affects versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.
AI Analysis
Technical Summary
The openexr library, used for handling the EXR image file format, contains an integer overflow vulnerability in the readVariableLengthInteger() function. This function processes variable-length integers from untrusted input but fails to limit the shift count during decoding. Consequently, after processing enough continuation bytes, the code performs a left shift by 70 bits on a 64-bit integer, which is undefined behavior and can lead to memory corruption or other unexpected program behavior. This vulnerability affects multiple version ranges prior to 3.2.9, 3.3.11, and 3.4.11, where it has been fixed.
Potential Impact
The vulnerability can cause undefined behavior due to an integer overflow or wraparound during decoding of EXR files. This may lead to memory corruption or program instability when processing specially crafted EXR images. The CVSS score of 6.3 reflects a medium severity impact with network attack vector, low complexity, and no required privileges or user interaction.
Mitigation Recommendations
A fix is available in openexr versions 3.2.9, 3.3.11, and 3.4.11. Users and organizations should upgrade to these or later versions to remediate the vulnerability. No additional mitigation guidance is provided or required beyond applying the official patches.
CVE-2026-42217: CWE-190: Integer Overflow or Wraparound in AcademySoftwareFoundation openexr
Description
An integer overflow or wraparound vulnerability exists in the AcademySoftwareFoundation openexr library in the readVariableLengthInteger() function. This function decodes variable-length integers from untrusted EXR input without properly bounding the shift count, leading to undefined behavior when a left shift by 70 bits on a 64-bit value occurs. The issue affects versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.
CVSS v4.0
Score 6.3medium
Affected software
pkg:github/academysoftwarefoundation/openexrRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The openexr library, used for handling the EXR image file format, contains an integer overflow vulnerability in the readVariableLengthInteger() function. This function processes variable-length integers from untrusted input but fails to limit the shift count during decoding. Consequently, after processing enough continuation bytes, the code performs a left shift by 70 bits on a 64-bit integer, which is undefined behavior and can lead to memory corruption or other unexpected program behavior. This vulnerability affects multiple version ranges prior to 3.2.9, 3.3.11, and 3.4.11, where it has been fixed.
Potential Impact
The vulnerability can cause undefined behavior due to an integer overflow or wraparound during decoding of EXR files. This may lead to memory corruption or program instability when processing specially crafted EXR images. The CVSS score of 6.3 reflects a medium severity impact with network attack vector, low complexity, and no required privileges or user interaction.
Mitigation Recommendations
A fix is available in openexr versions 3.2.9, 3.3.11, and 3.4.11. Users and organizations should upgrade to these or later versions to remediate the vulnerability. No additional mitigation guidance is provided or required beyond applying the official patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-25T05:04:37.028Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fc1394cbff5d8610732760
Added to database: 05/07/2026, 04:22:44 UTC
Last enriched: 05/14/2026, 10:53:58 UTC
Last updated: 06/25/2026, 08:00:57 UTC
Views: 80
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.