An integer overflow vulnerability (CVE-2026-27622, CVSS 7.8 HIGH) in OpenEXR allows arbitrary code execution during EXR file processing. Affected versions are openexr before 3.2.6, 3.3.0 through 3.3.7, and 3.4.0 through 3.4.5. The fixed versions are 3.2.6, 3.3.8, and 3.4.6.
Red Hat Product Errata RHSA-2026:12340 - Security Advisory Issued: 2026-04-30 Updated: 2026-04-30 RHSA-2026:12340 - Security Advisory Overview Updated Packages Synopsis Important: OpenEXR security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for OpenEXR is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. Security Fix(es): openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 8.2 x86_64 Fixes BZ - 2444251 - CVE-2026-27622 openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVEs CVE-2026-27622 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 8.2 SRPM OpenEXR-2.2.0-11.el8_2.1.src.rpm SHA-256: 9e6fc38a79260e04498df1f6d1d5e07fa04b6faf191e2cddc4260a513f326ab6 x86_64 OpenEXR-debuginfo-2.2.0-11.el8_2.1.i686.rpm SHA-256: 76d566af8d037eb2eac266b6c79a14a8cf47b08e159276bf84890f93e7046263 OpenEXR-debuginfo-2.2.0-11.el8_2.1.x86_64.rpm SHA-256: 8803a2ed0e98a5a6aebc5fed2c12bb2a272f7f78aaf2f3f2443c46703bc16c09 OpenEXR-debugsource-2.2.0-11.el8_2.1.i686.rpm SHA-256: 8ebf0d2d3e7a35501d292d93aa0f1977035de376e247a762606949e1466b2b38 OpenEXR-debugsource-2.2.0-11.el8_2.1.x86_64.rpm SHA-256: ad34af34821bff700f903f9ff0d2985aeb7271a2caca964d0fca8eb52207c18f OpenEXR-libs-2.2.0-11.el8_2.1.i686.rpm SHA-256: 694e56f390e14f6f035e8936be8dd030ff2ee00c718454b102f6222ce9f411d8 OpenEXR-libs-2.2.0-11.el8_2.1.x86_64.rpm SHA-256: 3306874ed3f02214236e4d0052387f6b2adb95f11f6fc64e8747b2f57c0144dc OpenEXR-libs-debuginfo-2.2.0-11.el8_2.1.i686.rpm SHA-256: 652126b1c6d063b1a1a485341735ca6d56dcb4b41eb43c1648da479edf6ae7cc OpenEXR-libs-debuginfo-2.2.0-11.el8_2.1.x86_64.rpm SHA-256: e87277873934907094eab7ba08023d999a78c2c5300390c1b65cdb9348b2cf53 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .