An integer overflow vulnerability (CVE-2026-27622, CVSS 7.8 HIGH) in OpenEXR allows arbitrary code execution when processing a malicious EXR image file. The vulnerability affects OpenEXR versions prior to 3.2.6, versions 3.3.0 through 3.3.7, and versions 3.4.0 through 3.4.5. Red Hat has rated this update as Important and provides patched packages for Red Hat Enterprise Linux 9.
Red Hat Product Errata RHSA-2026:8888 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8888 - Security Advisory Overview Updated Packages Synopsis Important: openexr security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for openexr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fix(es): openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2444251 - CVE-2026-27622 openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVEs CVE-2026-27622 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM openexr-3.1.1-3.el9_7.1.src.rpm SHA-256: 106912ce2c1e0f3607d744933ffee922bbad2887619cde33983cb477d163b3a3 x86_64 openexr-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: 9ddd9b503551b91d235eed1e9be7ecdcfef430c0c03e0f884f4f2ef78fd33d2b openexr-debuginfo-3.1.1-3.el9_7.1.i686.rpm SHA-256: de07771f32dfd53444413c7254e3b363ec5ff88af3db1e64d2cb6ce75526ca17 openexr-debuginfo-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: d8d48171b53a3b4e05e145e356ba529047933fbb6ad5dd731e4d3705647b2142 openexr-debugsource-3.1.1-3.el9_7.1.i686.rpm SHA-256: 6ceaa0734fce37c0d4c2068a4d5e3f27f7ae2148ce36f139edceee4db2e5cdb4 openexr-debugsource-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: bc11586595c8e14b974e31258bce31fee48b6d454e7a354096ec1bda123db54f openexr-libs-3.1.1-3.el9_7.1.i686.rpm SHA-256: 3e961826cdb29b8339a013975d965332eaaeb2402acf531f3fe53655ea1a2b3f openexr-libs-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: 8a33397e8f6d9c96b13c530ea8b09786094d48b9c604871bce5ca9f361ae677a openexr-libs-debuginfo-3.1.1-3.el9_7.1.i686.rpm SHA-256: 43b889bea70445fe399094d10d08bea579d54d9520b900e1d9a0c8f93087a0a7 openexr-libs-debuginfo-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: d88279159b8e75f5874389153c30cdd34abe2e44761d54bff426df3c0d373427 Red Hat Enterprise Linux for IBM z Systems 9 SRPM openexr-3.1.1-3.el9_7.1.src.rpm SHA-256: 106912ce2c1e0f3607d744933ffee922bbad2887619cde33983cb477d163b3a3 s390x openexr-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 49f55cf6179dc475ac16d6953535fd9cb94ed3d357c374334877b51b753b0d57 openexr-debuginfo-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 272bbaf8abc7c4046a92584eb191c28d40c0c90390a3957a169cf77320ddf17c openexr-debugsource-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 9c0a284288eaec8626604bc1e80fa8b9094523f56a5994e7e127fd041aa8812f openexr-libs-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 851e9eda3cc891087deaa71d8a0a266f749e9b988cca1185274cfec17dfd3fd1 openexr-libs-debuginfo-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 1cc1e382fd1c99c9d5b050f80fa1d9fea1882938ca0a08682440c4c9fb609b26 Red Hat Enterprise Linux for Power, little endian 9 SRPM openexr-3.1.1-3.el9_7.1.src.rpm SHA-256: 106912ce2c1e0f3607d744933ffee922bbad2887619cde33983cb477d163b3a3 ppc64le openexr-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: 36c32ef243ad6d1b87b59c9bf427a14fa2b6dc89b6a6c554760407183a9a9b86 openexr-debuginfo-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: 802ea963e24a493c7818f3f128bb73bb6b7792242ee4c3044d24eabbfba01521 openexr-debugsource-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: a551e8f73b6108c5e3df2ff800b767cf3a886c8d095002147e12b350477c610f openexr-libs-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: 46814c4ef23deabc56a79897ed0d6d00b49ec675a94fdb890df4e7fd94bf4db2 openexr-libs-debuginfo-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: 5b15606162e8136241a62b57064fcf8fe50cf1abdc551aa99e25580ae9017ac6 Red Hat Enterprise Linux for ARM 64 9 SRPM openexr-3.1.1-3.el9_7.1.src.rpm SHA-256: 106912ce2c1e0f3607d744933ffee922bbad2887619cde33983cb477d163b3a3 aarch64 openexr-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 55c6bf2cf5cc08eb81829720c79cda3bb01aeb5f33813c269132f28ad2a7213a openexr-debuginfo-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 8859ba4652b0c3869ce21f8e3f2954be7c1ef2edc708e03d191128220007d2d4 openexr-debugsource-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 9173365803753697bce0a3c8451f7b40b75346b17b97fb656562bb138ccf22cc openexr-libs-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 51267fe41e3c1b6e5bcea2f7731c5b79a3b5638e097db6b8c6a63c8c4d7d664e openexr-libs-debuginfo-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 01b412754e76b0b26652e3a0c4e7f92296000bb05ef76ba810d294132d323123 Red Hat CodeReady Linux Builder for x86_64 9 SRPM x86_64 openexr-debuginfo-3.1.1-3.el9_7.1.i686.rpm SHA-256: de07771f32dfd53444413c7254e3b363ec5ff88af3db1e64d2cb6ce75526ca17 openexr-debuginfo-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: d8d48171b53a3b4e05e145e356ba529047933fbb6ad5dd731e4d3705647b2142 openexr-debugsource-3.1.1-3.el9_7.1.i686.rpm SHA-256: 6ceaa0734fce37c0d4c2068a4d5e3f27f7ae2148ce36f139edceee4db2e5cdb4 openexr-debugsource-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: bc11586595c8e14b974e31258bce31fee48b6d454e7a354096ec1bda123db54f openexr-devel-3.1.1-3.el9_7.1.i686.rpm SHA-256: 9d4738e10473f0c993ddda8e3ac61757cb90fbf8b7487fa2a28a2cb2d4ce195d openexr-devel-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: be7ad74053e6693bb86bfc79332958841d707ac6c7e7eca78ca6832e8ef5a15d openexr-libs-debuginfo-3.1.1-3.el9_7.1.i686.rpm SHA-256: 43b889bea70445fe399094d10d08bea579d54d9520b900e1d9a0c8f93087a0a7 openexr-libs-debuginfo-3.1.1-3.el9_7.1.x86_64.rpm SHA-256: d88279159b8e75f5874389153c30cdd34abe2e44761d54bff426df3c0d373427 Red Hat CodeReady Linux Builder for Power, little endian 9 SRPM ppc64le openexr-debuginfo-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: 802ea963e24a493c7818f3f128bb73bb6b7792242ee4c3044d24eabbfba01521 openexr-debugsource-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: a551e8f73b6108c5e3df2ff800b767cf3a886c8d095002147e12b350477c610f openexr-devel-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: 17885d70dd40828b731b794339b07891e129cd58c1171d8642a367e797e70863 openexr-libs-debuginfo-3.1.1-3.el9_7.1.ppc64le.rpm SHA-256: 5b15606162e8136241a62b57064fcf8fe50cf1abdc551aa99e25580ae9017ac6 Red Hat CodeReady Linux Builder for ARM 64 9 SRPM aarch64 openexr-debuginfo-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 8859ba4652b0c3869ce21f8e3f2954be7c1ef2edc708e03d191128220007d2d4 openexr-debugsource-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 9173365803753697bce0a3c8451f7b40b75346b17b97fb656562bb138ccf22cc openexr-devel-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 2abc5c58301a2f3acc00cbc0f0666abefe0c67f89b7dbca3b208c1adc3787a5a openexr-libs-debuginfo-3.1.1-3.el9_7.1.aarch64.rpm SHA-256: 01b412754e76b0b26652e3a0c4e7f92296000bb05ef76ba810d294132d323123 Red Hat CodeReady Linux Builder for IBM z Systems 9 SRPM s390x openexr-debuginfo-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 272bbaf8abc7c4046a92584eb191c28d40c0c90390a3957a169cf77320ddf17c openexr-debugsource-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 9c0a284288eaec8626604bc1e80fa8b9094523f56a5994e7e127fd041aa8812f openexr-devel-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 947d8cbf0e318e3d416cbe9cbe428d01b176aa9424694adf5d4eb088e6bd6c38 openexr-libs-debuginfo-3.1.1-3.el9_7.1.s390x.rpm SHA-256: 1cc1e382fd1c99c9d5b050f80fa1d9fea1882938ca0a08682440c4c9fb609b26 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .