Cyber Posture

CVE-2026-41142

HighPublic PoC

Published: 07 May 2026

Published
07 May 2026
Modified
08 May 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 10.2th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-41142 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Openexr Openexr. Its CVSS base score is 8.8 (High).

Operationally, ranked at the 10.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

NVD Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer…

more

overflow in ImageChannel::resize that leads to heap OOB write via OpenEXRUtil public API. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-190

Affected Products

openexr
openexr
3.0.0 — 3.2.9 · 3.3.0 — 3.3.11 · 3.4.0 — 3.4.11

CVEs Like This One

CVE-2026-40250Same product: Openexr Openexr
CVE-2026-40244Same product: Openexr Openexr
CVE-2026-34544Same product: Openexr Openexr
CVE-2026-34545Same product: Openexr Openexr
CVE-2026-34588Same product: Openexr Openexr
CVE-2026-34379Same product: Openexr Openexr
CVE-2026-27622Same product: Openexr Openexr
CVE-2025-48072Same product: Openexr Openexr
CVE-2026-34543Same product: Openexr Openexr
CVE-2026-41602Shared CWE-190

References