{"id":"JLSEC-2026-140","details":"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch. The version numbers in this description are upstream OpenEXR releases; the affected and fixed versions of the `OpenEXR_jll` package are listed in the `affected` ranges of this record.","modified":"2026-04-17T15:31:04.355692Z","published":"2026-04-17T15:19:54.657Z","upstream":["CVE-2026-26981"],"database_specific":{"license":"CC-BY-4.0","sources":[{"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26981","database_specific":{"status":"Analyzed"},"published":"2026-02-24T03:16:01.890Z","modified":"2026-02-25T17:30:34.797Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-26981","id":"CVE-2026-26981","imported":"2026-04-17T13:59:24.446Z"}]},"references":[{"type":"WEB","url":"https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef"},{"type":"WEB","url":"https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8"},{"type":"WEB","url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c"}],"affected":[{"package":{"name":"OpenEXR_jll","ecosystem":"Julia","purl":"pkg:julia/OpenEXR_jll?uuid=18a262bb-aa17-5467-a713-aee519bc75cb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.4.4+0"},{"fixed":"3.4.8+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-140.json"}}],"schema_version":"1.7.5"}