An integer overflow vulnerability (CVE-2026-27622, CVSS 7.8 HIGH) in the OpenEXR image processing library allows arbitrary code execution when processing a malicious EXR file. Affected versions are openexr prior to 3.2.6, 3.3.0 through 3.3.7, and 3.4.0 through 3.4.5. Red Hat has issued an Important security update for RHEL 9.6 EUS to address this flaw.
Red Hat Product Errata RHSA-2026:8872 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8872 - Security Advisory Overview Updated Packages Synopsis Important: openexr security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for openexr is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fix(es): openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2444251 - CVE-2026-27622 openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVEs CVE-2026-27622 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM openexr-3.1.1-3.el9_6.1.src.rpm SHA-256: 35a95bfd7980221c4cf5b380244723818dd27b4a90600690c55af9035556f44b x86_64 openexr-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 42eb2adc8f81dcf7cda8de3ec04e9b41d16b601cf95008561c253b564435fc02 openexr-debuginfo-3.1.1-3.el9_6.1.i686.rpm SHA-256: e901460f9d9a6ce1c4f7c56b206377e10e8f2a3605fca8d7f9238290557778d0 openexr-debuginfo-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 931b39d2ec42b40413c1b152cec164167f0d3b00010844d4c083518acd282e3c openexr-debugsource-3.1.1-3.el9_6.1.i686.rpm SHA-256: 668cb191508247762d511ce7bb6030b1fe0ff3f7a234264ca98e26c45ed0054d openexr-debugsource-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 7eb65548ddec59f9a31fcc799b959848617cf0342ec046021544bac5da70d239 openexr-libs-3.1.1-3.el9_6.1.i686.rpm SHA-256: 52222ef95830cc7c099232c91be8d0abf7887b009574a1d230a4e78a6237223f openexr-libs-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 31a45ee082fbfc60a260e8fc59eb6cbe8bb767b5db84254758ba88d8d56cd974 openexr-libs-debuginfo-3.1.1-3.el9_6.1.i686.rpm SHA-256: 43d5ac38afaece1043c6aa30f53143a6bdd2a066836544305b816c63e246e7a3 openexr-libs-debuginfo-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 4608025138db0219d5d96a6be52343b265cb50ebc797bada693b3bf3d620215a Red Hat Enterprise Linux Server - AUS 9.6 SRPM openexr-3.1.1-3.el9_6.1.src.rpm SHA-256: 35a95bfd7980221c4cf5b380244723818dd27b4a90600690c55af9035556f44b x86_64 openexr-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 42eb2adc8f81dcf7cda8de3ec04e9b41d16b601cf95008561c253b564435fc02 openexr-debuginfo-3.1.1-3.el9_6.1.i686.rpm SHA-256: e901460f9d9a6ce1c4f7c56b206377e10e8f2a3605fca8d7f9238290557778d0 openexr-debuginfo-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 931b39d2ec42b40413c1b152cec164167f0d3b00010844d4c083518acd282e3c openexr-debugsource-3.1.1-3.el9_6.1.i686.rpm SHA-256: 668cb191508247762d511ce7bb6030b1fe0ff3f7a234264ca98e26c45ed0054d openexr-debugsource-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 7eb65548ddec59f9a31fcc799b959848617cf0342ec046021544bac5da70d239 openexr-libs-3.1.1-3.el9_6.1.i686.rpm SHA-256: 52222ef95830cc7c099232c91be8d0abf7887b009574a1d230a4e78a6237223f openexr-libs-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 31a45ee082fbfc60a260e8fc59eb6cbe8bb767b5db84254758ba88d8d56cd974 openexr-libs-debuginfo-3.1.1-3.el9_6.1.i686.rpm SHA-256: 43d5ac38afaece1043c6aa30f53143a6bdd2a066836544305b816c63e246e7a3 openexr-libs-debuginfo-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 4608025138db0219d5d96a6be52343b265cb50ebc797bada693b3bf3d620215a Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM openexr-3.1.1-3.el9_6.1.src.rpm SHA-256: 35a95bfd7980221c4cf5b380244723818dd27b4a90600690c55af9035556f44b s390x openexr-3.1.1-3.el9_6.1.s390x.rpm SHA-256: 2fd3beb0bb2e76f877ccb103afff4653003891f4ce6b5a184387c034f37c11c3 openexr-debuginfo-3.1.1-3.el9_6.1.s390x.rpm SHA-256: 83d77620ae109f8f0e92848769cbda22c7475c0fa8238c1d2ed23e586ec2bbe7 openexr-debugsource-3.1.1-3.el9_6.1.s390x.rpm SHA-256: 2a722b33aaf23238be6890486de6c5ef2d068249f87f799f9ae5aeb5b8fcb893 openexr-libs-3.1.1-3.el9_6.1.s390x.rpm SHA-256: a92ad4ff2822c935474b07bf942756384eecfad462000d30119c505895e5dfaf openexr-libs-debuginfo-3.1.1-3.el9_6.1.s390x.rpm SHA-256: cd0e6b9c91900518b3d88117da186befb6afd80bdd377c45ea2a888621bcc2ac Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM openexr-3.1.1-3.el9_6.1.src.rpm SHA-256: 35a95bfd7980221c4cf5b380244723818dd27b4a90600690c55af9035556f44b ppc64le openexr-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: 9d49e6ccab7878d49202d1e4d8e8b00b4f7e9210109a7b2189e835d7503b2f8a openexr-debuginfo-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: 7bd77da62ed3a6ed6dd604022ef89e1bddcf6f0dfa7ec50806f17b305d132358 openexr-debugsource-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: 7c8cf491ca4d63d6e5ec2db62e58b1b5d372724fe4aed2f66f6eb8e793ad1335 openexr-libs-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: f2525daae0a58f1414903b1f6102e5b4a7e9969e7493282e0d72e109006a82d9 openexr-libs-debuginfo-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: 47fda8b5fc4af14899c7f4cde7adef7c7a902f3ab725c5ffe4e133b4d1f188e7 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM openexr-3.1.1-3.el9_6.1.src.rpm SHA-256: 35a95bfd7980221c4cf5b380244723818dd27b4a90600690c55af9035556f44b aarch64 openexr-3.1.1-3.el9_6.1.aarch64.rpm SHA-256: c62c0b75bc7b3917bb92a3b9712e48d54928bce1654d8395ccae33195cfab019 openexr-debuginfo-3.1.1-3.el9_6.1.aarch64.rpm SHA-256: 56148a4f689d2d14926b03dcec7cbfdd38dd067466da7a9c73f62156bfa96944 openexr-debugsource-3.1.1-3.el9_6.1.aarch64.rpm SHA-256: adcdd100f67af5705ca56cda1f9b7ea0050ad389fbaf013dc98083496adcfd22 openexr-libs-3.1.1-3.el9_6.1.aarch64.rpm SHA-256: c2b6a8192d505080655780a0fad572ead8ec209d726276e0f8b32b124c7b7e42 openexr-libs-debuginfo-3.1.1-3.el9_6.1.aarch64.rpm SHA-256: fdd2a6a15f99761e119c6f8564589c7f290f9bc55cc143d3563a8e7033c1337a Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 SRPM openexr-3.1.1-3.el9_6.1.src.rpm SHA-256: 35a95bfd7980221c4cf5b380244723818dd27b4a90600690c55af9035556f44b ppc64le openexr-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: 9d49e6ccab7878d49202d1e4d8e8b00b4f7e9210109a7b2189e835d7503b2f8a openexr-debuginfo-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: 7bd77da62ed3a6ed6dd604022ef89e1bddcf6f0dfa7ec50806f17b305d132358 openexr-debugsource-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: 7c8cf491ca4d63d6e5ec2db62e58b1b5d372724fe4aed2f66f6eb8e793ad1335 openexr-libs-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: f2525daae0a58f1414903b1f6102e5b4a7e9969e7493282e0d72e109006a82d9 openexr-libs-debuginfo-3.1.1-3.el9_6.1.ppc64le.rpm SHA-256: 47fda8b5fc4af14899c7f4cde7adef7c7a902f3ab725c5ffe4e133b4d1f188e7 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 SRPM openexr-3.1.1-3.el9_6.1.src.rpm SHA-256: 35a95bfd7980221c4cf5b380244723818dd27b4a90600690c55af9035556f44b x86_64 openexr-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 42eb2adc8f81dcf7cda8de3ec04e9b41d16b601cf95008561c253b564435fc02 openexr-debuginfo-3.1.1-3.el9_6.1.i686.rpm SHA-256: e901460f9d9a6ce1c4f7c56b206377e10e8f2a3605fca8d7f9238290557778d0 openexr-debuginfo-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 931b39d2ec42b40413c1b152cec164167f0d3b00010844d4c083518acd282e3c openexr-debugsource-3.1.1-3.el9_6.1.i686.rpm SHA-256: 668cb191508247762d511ce7bb6030b1fe0ff3f7a234264ca98e26c45ed0054d openexr-debugsource-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 7eb65548ddec59f9a31fcc799b959848617cf0342ec046021544bac5da70d239 openexr-libs-3.1.1-3.el9_6.1.i686.rpm SHA-256: 52222ef95830cc7c099232c91be8d0abf7887b009574a1d230a4e78a6237223f openexr-libs-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 31a45ee082fbfc60a260e8fc59eb6cbe8bb767b5db84254758ba88d8d56cd974 openexr-libs-debuginfo-3.1.1-3.el9_6.1.i686.rpm SHA-256: 43d5ac38afaece1043c6aa30f53143a6bdd2a066836544305b816c63e246e7a3 openexr-libs-debuginfo-3.1.1-3.el9_6.1.x86_64.rpm SHA-256: 4608025138db0219d5d96a6be52343b265cb50ebc797bada693b3bf3d620215