{"id":"JLSEC-2026-146","details":"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions from 3.4.0 up to, but not including, 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from an immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8. Note that the affected range recorded in this entry for OpenEXR_jll begins at 3.1.4+0, which is earlier than the upstream lower bound of 3.4.0 stated above; confirm against the upstream advisory when deciding whether an installed version is affected.","modified":"2026-04-17T15:31:32.039025Z","published":"2026-04-17T15:19:54.657Z","upstream":["CVE-2026-34544"],"database_specific":{"license":"CC-BY-4.0","sources":[{"imported":"2026-04-17T13:59:24.564Z","id":"CVE-2026-34544","database_specific":{"status":"Analyzed"},"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34544","modified":"2026-04-07T20:13:31.237Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-34544","published":"2026-04-01T21:17:01.480Z"}]},"references":[{"type":"WEB","url":"https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee"},{"type":"WEB","url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8"},{"type":"WEB","url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v"}],"affected":[{"package":{"name":"OpenEXR_jll","ecosystem":"Julia","purl":"pkg:julia/OpenEXR_jll?uuid=18a262bb-aa17-5467-a713-aee519bc75cb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.1.4+0"},{"fixed":"3.4.8+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-146.json"}}],"schema_version":"1.7.5"}