An integer overflow vulnerability (CVE-2026-27622, CVSS 7.8 High) in OpenEXR allows arbitrary code execution via maliciously crafted EXR image files. The vulnerability affects OpenEXR versions prior to 3.2.6, versions 3.3.0 through 3.3.7, and versions 3.4.0 through 3.4.5. Red Hat has issued an Important security update with patched packages for specific RHEL 8.8 Extended Update Support channels.
Red Hat Product Errata RHSA-2026:12338 - Security Advisory Issued: 2026-04-30 Updated: 2026-04-30 RHSA-2026:12338 - Security Advisory Overview Updated Packages Synopsis Important: OpenEXR security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for OpenEXR is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. Security Fix(es): openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64 Red Hat Enterprise Linux Server - TUS 8.8 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 Fixes BZ - 2444251 - CVE-2026-27622 openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVEs CVE-2026-27622 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 SRPM OpenEXR-2.2.0-12.el8_8.1.src.rpm SHA-256: 65200b67b1462977be91aa5c16b18009268d5ba3b39c2701d9b03c3c2de3d2a7 x86_64 OpenEXR-debuginfo-2.2.0-12.el8_8.1.i686.rpm SHA-256: d1b379795c198f2b336b53debbff5674dcb2da1806cf80dc16142fa8c38eb19e OpenEXR-debuginfo-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 66d4c9fc4bcf356ee1fdbc634bc5d6329aaf41ccb537164dc5c74858411f9a9c OpenEXR-debugsource-2.2.0-12.el8_8.1.i686.rpm SHA-256: a286508ca2f319b03730c851e205a349d58b5aeee198ddd0d2a1f57402372dd5 OpenEXR-debugsource-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 9ace03aec41620e146d7f8b5b1a3ed5833c3b35028b758c4518f7ad6000d96ba OpenEXR-libs-2.2.0-12.el8_8.1.i686.rpm SHA-256: 6001c6adbdfd7c55174e1fe43855d3867fc7651a3fada23233b38034896d873c OpenEXR-libs-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 92d9ac012a31d4f34a1d62df5ed28ee03c8b9d608b9b99f8327685c3e7beebea OpenEXR-libs-debuginfo-2.2.0-12.el8_8.1.i686.rpm SHA-256: d25e3b0e51fc2c96ffb107d438404e86b9bf5d695627dd227a5a42b437a2ca9a OpenEXR-libs-debuginfo-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 58eea75426fce11eee2c7e9971b2aff9422912148df2aa67928d000db9172c74 Red Hat Enterprise Linux Server - TUS 8.8 SRPM OpenEXR-2.2.0-12.el8_8.1.src.rpm SHA-256: 65200b67b1462977be91aa5c16b18009268d5ba3b39c2701d9b03c3c2de3d2a7 x86_64 OpenEXR-debuginfo-2.2.0-12.el8_8.1.i686.rpm SHA-256: d1b379795c198f2b336b53debbff5674dcb2da1806cf80dc16142fa8c38eb19e OpenEXR-debuginfo-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 66d4c9fc4bcf356ee1fdbc634bc5d6329aaf41ccb537164dc5c74858411f9a9c OpenEXR-debugsource-2.2.0-12.el8_8.1.i686.rpm SHA-256: a286508ca2f319b03730c851e205a349d58b5aeee198ddd0d2a1f57402372dd5 OpenEXR-debugsource-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 9ace03aec41620e146d7f8b5b1a3ed5833c3b35028b758c4518f7ad6000d96ba OpenEXR-libs-2.2.0-12.el8_8.1.i686.rpm SHA-256: 6001c6adbdfd7c55174e1fe43855d3867fc7651a3fada23233b38034896d873c OpenEXR-libs-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 92d9ac012a31d4f34a1d62df5ed28ee03c8b9d608b9b99f8327685c3e7beebea OpenEXR-libs-debuginfo-2.2.0-12.el8_8.1.i686.rpm SHA-256: d25e3b0e51fc2c96ffb107d438404e86b9bf5d695627dd227a5a42b437a2ca9a OpenEXR-libs-debuginfo-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 58eea75426fce11eee2c7e9971b2aff9422912148df2aa67928d000db9172c74 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 SRPM OpenEXR-2.2.0-12.el8_8.1.src.rpm SHA-256: 65200b67b1462977be91aa5c16b18009268d5ba3b39c2701d9b03c3c2de3d2a7 ppc64le OpenEXR-debuginfo-2.2.0-12.el8_8.1.ppc64le.rpm SHA-256: f8920a141316f097609697b9b831a8a221de7336dddc5b5895b805c023d868f5 OpenEXR-debugsource-2.2.0-12.el8_8.1.ppc64le.rpm SHA-256: 3651228e14fb8dc805f82ba8b44397218de8fbaf57f7f4e1f68eb8494979cedd OpenEXR-libs-2.2.0-12.el8_8.1.ppc64le.rpm SHA-256: ee814884c3f591bd2b6183e6025ae4685dc23b72ebb75827897ddc83b5e5cae8 OpenEXR-libs-debuginfo-2.2.0-12.el8_8.1.ppc64le.rpm SHA-256: c1bf1b1b8939ce85ccd908af62a8148a46e6294d1647756abc3e9d1f78ad1c88 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 SRPM OpenEXR-2.2.0-12.el8_8.1.src.rpm SHA-256: 65200b67b1462977be91aa5c16b18009268d5ba3b39c2701d9b03c3c2de3d2a7 x86_64 OpenEXR-debuginfo-2.2.0-12.el8_8.1.i686.rpm SHA-256: d1b379795c198f2b336b53debbff5674dcb2da1806cf80dc16142fa8c38eb19e OpenEXR-debuginfo-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 66d4c9fc4bcf356ee1fdbc634bc5d6329aaf41ccb537164dc5c74858411f9a9c OpenEXR-debugsource-2.2.0-12.el8_8.1.i686.rpm SHA-256: a286508ca2f319b03730c851e205a349d58b5aeee198ddd0d2a1f57402372dd5 OpenEXR-debugsource-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 9ace03aec41620e146d7f8b5b1a3ed5833c3b35028b758c4518f7ad6000d96ba OpenEXR-libs-2.2.0-12.el8_8.1.i686.rpm SHA-256: 6001c6adbdfd7c55174e1fe43855d3867fc7651a3fada23233b38034896d873c OpenEXR-libs-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 92d9ac012a31d4f34a1d62df5ed28ee03c8b9d608b9b99f8327685c3e7beebea OpenEXR-libs-debuginfo-2.2.0-12.el8_8.1.i686.rpm SHA-256: d25e3b0e51fc2c96ffb107d438404e86b9bf5d695627dd227a5a42b437a2ca9a OpenEXR-libs-debuginfo-2.2.0-12.el8_8.1.x86_64.rpm SHA-256: 58eea75426fce11eee2c7e9971b2aff9422912148df2aa67928d000db9172c74 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .