CVE-2026-44663: CWE-190: Integer Overflow or Wraparound in AcademySoftwareFoundation openexr
An integer overflow vulnerability in OpenEXR versions 3.4.0 through 3.4.11 causes a heap-buffer overflow when decoding specially crafted HTJ2K-compressed EXR files. The issue arises from unchecked multiplication of image width by bytes per element in 32-bit signed arithmetic, leading to corrupted offsets and potential out-of-bounds writes. This vulnerability can result in denial of service or other impacts related to heap corruption. The flaw has been fixed in version 3.4.12.
AI Analysis
Technical Summary
OpenEXR, a widely used reference implementation for the EXR image format, contains an integer overflow in the ht_undo_impl() function within src/lib/OpenEXRCore/internal_ht.cpp in versions 3.4.0 through 3.4.11. The vulnerability occurs when decode->channels[i].width (int32_t) is multiplied by bytes_per_element using 32-bit signed arithmetic, which can overflow for large widths (e.g., >= 536870912 for FLOAT data). This overflow leads to corrupted offsets used in pointer arithmetic, causing heap-buffer overflows during decoding of crafted HTJ2K-compressed EXR files. Similar unchecked multiplication patterns exist in other HTJ2K code paths. The issue is addressed in version 3.4.12.
Potential Impact
The integer overflow leads to heap-buffer overflow conditions that can cause heap out-of-bounds writes during image decoding. This can result in denial of service or potential memory corruption. There is no indication of confidentiality impact, but integrity and availability impacts are possible as per the CVSS vector (Integrity Low, Availability High). No known exploits in the wild have been reported.
Mitigation Recommendations
A fix is available in OpenEXR version 3.4.12. Users should upgrade to version 3.4.12 or later to remediate this vulnerability. No other mitigations are specified.
CVE-2026-44663: CWE-190: Integer Overflow or Wraparound in AcademySoftwareFoundation openexr
Description
An integer overflow vulnerability in OpenEXR versions 3.4.0 through 3.4.11 causes a heap-buffer overflow when decoding specially crafted HTJ2K-compressed EXR files. The issue arises from unchecked multiplication of image width by bytes per element in 32-bit signed arithmetic, leading to corrupted offsets and potential out-of-bounds writes. This vulnerability can result in denial of service or other impacts related to heap corruption. The flaw has been fixed in version 3.4.12.
CVSS v3.1
Score 6.1medium
Affected software
pkg:github/academysoftwarefoundation/openexrRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenEXR, a widely used reference implementation for the EXR image format, contains an integer overflow in the ht_undo_impl() function within src/lib/OpenEXRCore/internal_ht.cpp in versions 3.4.0 through 3.4.11. The vulnerability occurs when decode->channels[i].width (int32_t) is multiplied by bytes_per_element using 32-bit signed arithmetic, which can overflow for large widths (e.g., >= 536870912 for FLOAT data). This overflow leads to corrupted offsets used in pointer arithmetic, causing heap-buffer overflows during decoding of crafted HTJ2K-compressed EXR files. Similar unchecked multiplication patterns exist in other HTJ2K code paths. The issue is addressed in version 3.4.12.
Potential Impact
The integer overflow leads to heap-buffer overflow conditions that can cause heap out-of-bounds writes during image decoding. This can result in denial of service or potential memory corruption. There is no indication of confidentiality impact, but integrity and availability impacts are possible as per the CVSS vector (Integrity Low, Availability High). No known exploits in the wild have been reported.
Mitigation Recommendations
A fix is available in OpenEXR version 3.4.12. Users should upgrade to version 3.4.12 or later to remediate this vulnerability. No other mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-07T16:20:08.659Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3456d1f198dc38c18207de
Added to database: 6/18/2026, 8:36:33 PM
Last enriched: 6/18/2026, 8:50:10 PM
Last updated: 6/18/2026, 11:34:10 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.