CVE-2026-34544
Published: 01 April 2026
Summary
CVE-2026-34544 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in OpenEXR (vendor OpenEXR). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 4.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI-generated)
- SI-2 (Flaw Remediation): Directly remediates the out-of-bounds write by requiring timely patching of affected OpenEXR library versions 3.4.0 through 3.4.7 to 3.4.8 or later.
- SI-16 (Memory Protection): Implements memory protections such as address space layout randomization and data execution prevention to mitigate heap corruption from the out-of-bounds write in exr_decoding_run().
- Input validation: Requires validation of EXR file inputs to detect and reject crafted B44 or B44A files before they reach the vulnerable decoder.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
The vulnerability is triggered by processing a crafted malicious EXR file supplied to a user, which maps directly to T1204.002 Malicious File (User Execution). The potential RCE impact does not map to any additional specific technique.
NVD Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.
Deeper analysis (AI-generated)
CVE-2026-34544 is an out-of-bounds write vulnerability in the OpenEXR library, which provides the specification and reference implementation for the EXR file format used in the motion picture industry for image storage. The issue affects versions 3.4.0 through 3.4.7 and is triggered by a crafted B44 or B44A EXR file processed via the exr_decoding_run() function. It is classified under CWE-190 (Integer Overflow or Wraparound) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability by tricking a user into decoding a malicious EXR file in an affected application. Successful exploitation typically results in an immediate application crash, but depending on memory layout, it may corrupt adjacent heap allocations, potentially enabling arbitrary code execution, data tampering, or further compromise given the high confidentiality, integrity, and availability impacts.
The vulnerability has been addressed in OpenEXR version 3.4.8, as detailed in the project's security advisory (GHSA-h762-rhv3-h25v), release notes, and the patching commit (35e7aa35e22c1975606be86e859f31cc1fc598ee). Security practitioners should update to version 3.4.8 or later and validate EXR file inputs in applications relying on OpenEXR decoding.
Details
- CWE(s)