Cyber Resilience

CVE-2026-45696

HighPublic PoCUpdated

Published: 18 June 2026

Published
18 June 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v4 8.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0026 17.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-45696 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Openexr Openexr. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 17.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000) decoder, ht_undo_impl() in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The…

more

ht_undo_imp function copies decoded pixels out of a per-line OpenJPH buffer using the EXR channel's declared width as the iteration count. The codestream embedded in the EXR chunk can declare different (smaller) tile/line dimensions than the EXR header advertises, but ht_undo_impl() does not validate this — it pulls width 32-bit samples from cur_line->i32[] without checking the OpenJPH line buffer's actual length. A crafted EXR file produces a 4-byte heap-buffer-overflow READ immediately after a buffer allocated by ojph::local::codestream::finalize_alloc(). The bug is reachable through the standard scanline-decode entry point used by every consumer of exr_decoding_run/Imf::checkOpenEXRFile, including thumbnailers, asset pipelines, and the exrcheck utility — i.e. any application that opens untrusted EXR files. The result is a deterministic crash (DoS) and potential adjacent-heap leak. This issue has been fixed in version 3.4.12.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Heap overflow in image decoder enables crafted malicious EXR file (T1204.002) to trigger deterministic crash/DoS via application exploitation (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34545Same product: Openexr Openexr
CVE-2025-48071Same product: Openexr Openexr
CVE-2023-5841Same product: Openexr Openexr
CVE-2021-3477Same product: Openexr Openexr
CVE-2026-24852Shared CWE-122, CWE-125
CVE-2026-21491Shared CWE-122, CWE-125
CVE-2026-42477Shared CWE-122, CWE-125
CVE-2026-5653Shared CWE-122
CVE-2021-3605Same product: Openexr Openexr
CVE-2025-21178Shared CWE-122, CWE-125

Affected Assets

openexr
openexr
3.4.0 — 3.4.12

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References