Red Hat Product Errata
RHSA-2026:8871 - Security Advisory
Issued: 2026-04-20
Updated: 2026-04-20

Synopsis
Important: openexr security update

Type/Severity
Security Advisory: Important

Topic
An update for openexr is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format.

This package contains the binaries for OpenEXR.

Security Fix(es):
openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
BZ - 2444251 - CVE-2026-27622 openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

CVEs
CVE-2026-27622

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4
  SRPM:
    openexr-3.1.1-2.el9_4.2.src.rpm
  x86_64:
    openexr-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.i686.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.i686.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-libs-3.1.1-2.el9_4.2.i686.rpm
    openexr-libs-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.i686.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 9.4
  SRPM:
    openexr-3.1.1-2.el9_4.2.src.rpm
  x86_64:
    openexr-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.i686.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.i686.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-libs-3.1.1-2.el9_4.2.i686.rpm
    openexr-libs-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.i686.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4
  SRPM:
    openexr-3.1.1-2.el9_4.2.src.rpm
  s390x:
    openexr-3.1.1-2.el9_4.2.s390x.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.s390x.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.s390x.rpm
    openexr-libs-3.1.1-2.el9_4.2.s390x.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4
  SRPM:
    openexr-3.1.1-2.el9_4.2.src.rpm
  ppc64le:
    openexr-3.1.1-2.el9_4.2.ppc64le.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.ppc64le.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.ppc64le.rpm
    openexr-libs-3.1.1-2.el9_4.2.ppc64le.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4
  SRPM:
    openexr-3.1.1-2.el9_4.2.src.rpm
  aarch64:
    openexr-3.1.1-2.el9_4.2.aarch64.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.aarch64.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.aarch64.rpm
    openexr-libs-3.1.1-2.el9_4.2.aarch64.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4
  SRPM:
    openexr-3.1.1-2.el9_4.2.src.rpm
  ppc64le:
    openexr-3.1.1-2.el9_4.2.ppc64le.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.ppc64le.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.ppc64le.rpm
    openexr-libs-3.1.1-2.el9_4.2.ppc64le.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4
  SRPM:
    openexr-3.1.1-2.el9_4.2.src.rpm
  x86_64:
    openexr-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.i686.rpm
    openexr-debuginfo-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.i686.rpm
    openexr-debugsource-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-libs-3.1.1-2.el9_4.2.i686.rpm
    openexr-libs-3.1.1-2.el9_4.2.x86_64.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.i686.rpm
    openexr-libs-debuginfo-3.1.1-2.el9_4.2.x86_64.rpm

An integer overflow vulnerability (CVE-2026-27622, CVSS 7.8 HIGH) in the OpenEXR library allows for arbitrary code execution when processing a malicious EXR image file. Affected versions are openexr before 3.2.6, 3.3.0 through 3.3.7, and 3.4.0 through 3.4.5. The flaw is fixed in versions 3.2.6, 3.3.8, and 3.4.6.