A critical vulnerability (CVE-2026-34588, CVSS 7.8 HIGH) in the OpenEXR image library allows arbitrary code execution and information disclosure when processing a maliciously crafted EXR file. The flaw affects OpenEXR versions 3.1.0 through 3.1.x (as patched by Red Hat), as well as versions 3.2.0 through 3.2.6, 3.3.0 through 3.3.8, and 3.4.0 through 3.4.8 according to NVD data. Red Hat Enterprise Linux 9 users should apply the provided security update immediately.
Red Hat Product Errata RHSA-2026:15887 - Security Advisory Issued: 2026-05-11 Updated: 2026-05-11 RHSA-2026:15887 - Security Advisory Overview Updated Packages Synopsis Important: openexr security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for openexr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fix(es): OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file (CVE-2026-34588) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2455408 - CVE-2026-34588 OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVEs CVE-2026-34588 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM openexr-3.1.1-3.el9_7.2.src.rpm SHA-256: f73126dd57a79ace1f1d2661af6c19fde361862d2f26f250a13dfb93d86ee1ea x86_64 openexr-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: 451519653d6ab390c32da81e45971b46c8dea6f8ddc5d5f6da1de10eaa0283b3 openexr-debuginfo-3.1.1-3.el9_7.2.i686.rpm SHA-256: fa1c8a3639e3c4658ae567b81cf3b73ca91283740148da4ed9586fcfeb47a22c openexr-debuginfo-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: 2bee469a54697027b211fd44648abe8296bed3faa4c3ab8ca6cb7c1db90a7b46 openexr-debugsource-3.1.1-3.el9_7.2.i686.rpm SHA-256: 38c1f791a604ddd78b8da41b482506a529c45730df01812d471e965a799d2ccd openexr-debugsource-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: dc3b0db8e17f24719fff2fc5ce51e650d259ae044a0a8e4220b79b1a6232772d openexr-libs-3.1.1-3.el9_7.2.i686.rpm SHA-256: 1bed148399aa4acf18a7ba7948d02da6c4816d65d24c29a5d9342faf3ceea9e5 openexr-libs-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: 950485d1647e623f9ac76fa5021e429bf27b4753a11d6adeb62da5e3b1d497e8 openexr-libs-debuginfo-3.1.1-3.el9_7.2.i686.rpm SHA-256: 00a789196582b5793cec99d9e6983dc4ece5ce399d535f6a210d7944f72b9575 openexr-libs-debuginfo-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: 6d26b2bc71c2aecc7e8fe63ddbef598f45b784c3e76f060958224a26874f8b99 Red Hat Enterprise Linux for IBM z Systems 9 SRPM openexr-3.1.1-3.el9_7.2.src.rpm SHA-256: f73126dd57a79ace1f1d2661af6c19fde361862d2f26f250a13dfb93d86ee1ea s390x openexr-3.1.1-3.el9_7.2.s390x.rpm SHA-256: 0029c9f4c273a6b40bb6ab15d0d5d3ac61cce872715902ab1495a115df382d9f openexr-debuginfo-3.1.1-3.el9_7.2.s390x.rpm SHA-256: f219f55b556b93f2d1a5fbe41802254ce14b053444bde24df726b72eeacf5696 openexr-debugsource-3.1.1-3.el9_7.2.s390x.rpm SHA-256: 8a53566b8668a24f14c9e2a252b58e17402eb1fc4bba50210ca236003a7b73b0 openexr-libs-3.1.1-3.el9_7.2.s390x.rpm SHA-256: 7a274c68f7de7cfc9fbbc0592d5497a98f4906881cb1bc517db6167cd90cae5c openexr-libs-debuginfo-3.1.1-3.el9_7.2.s390x.rpm SHA-256: fb9d57a92c0bf959a3a674b5153c15b1d6702d7539a237db4a1924a3a7c5caba Red Hat Enterprise Linux for Power, little endian 9 SRPM openexr-3.1.1-3.el9_7.2.src.rpm SHA-256: f73126dd57a79ace1f1d2661af6c19fde361862d2f26f250a13dfb93d86ee1ea ppc64le openexr-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: ab4327eb900c320b9d5b1921305dd431fecf39d5f08f30074d1afec79147bae4 openexr-debuginfo-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: 2683d5dd2d4c78998ac6874bf210a6bf5538532d29f439bcc5c439a6e43944b6 openexr-debugsource-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: 049941053868bae75e7c5e647951bf8f670adeaf546cf1b086c71e1179bd6eb4 openexr-libs-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: 2be646ac2ea7c56d78c10efaf404fdb3a0c241b89dcd4ef0c030b4bdd069374d openexr-libs-debuginfo-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: df867016c1768b20dda5674b98d5249b961d7a78475e7dcce0cd2992dafed34a Red Hat Enterprise Linux for ARM 64 9 SRPM openexr-3.1.1-3.el9_7.2.src.rpm SHA-256: f73126dd57a79ace1f1d2661af6c19fde361862d2f26f250a13dfb93d86ee1ea aarch64 openexr-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: 9009d41190f0e3158c09cd08b137e5141e6efc27f15896ba13fc2df9a144b59e openexr-debuginfo-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: 2e660050ca0db31676f9abbf6d06c31906cb55c6565e93d634fb66399e0023fa openexr-debugsource-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: 7bcfe09b68b92aad291df667a11d09d9c2589d17ba29e5438788552c3a80f4a6 openexr-libs-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: e2b15f05c4bb9932bb1ff9a11ad95dac931e693bc088ce4a0e7febc06151f68c openexr-libs-debuginfo-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: 2127f9c9a0c60ef8881fd4a36f8d0e8a08bbd408100aa3c42a88c26140097d6e Red Hat CodeReady Linux Builder for x86_64 9 SRPM x86_64 openexr-debuginfo-3.1.1-3.el9_7.2.i686.rpm SHA-256: fa1c8a3639e3c4658ae567b81cf3b73ca91283740148da4ed9586fcfeb47a22c openexr-debuginfo-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: 2bee469a54697027b211fd44648abe8296bed3faa4c3ab8ca6cb7c1db90a7b46 openexr-debugsource-3.1.1-3.el9_7.2.i686.rpm SHA-256: 38c1f791a604ddd78b8da41b482506a529c45730df01812d471e965a799d2ccd openexr-debugsource-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: dc3b0db8e17f24719fff2fc5ce51e650d259ae044a0a8e4220b79b1a6232772d openexr-devel-3.1.1-3.el9_7.2.i686.rpm SHA-256: f288e10b3f0fc9fe487631b398de115f9aefc1f239a2408dda298bcdd915e413 openexr-devel-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: d14872cf04835f60f8e349c300bcb4f9b826dcb19cea77ab861109b95ea75c17 openexr-libs-debuginfo-3.1.1-3.el9_7.2.i686.rpm SHA-256: 00a789196582b5793cec99d9e6983dc4ece5ce399d535f6a210d7944f72b9575 openexr-libs-debuginfo-3.1.1-3.el9_7.2.x86_64.rpm SHA-256: 6d26b2bc71c2aecc7e8fe63ddbef598f45b784c3e76f060958224a26874f8b99 Red Hat CodeReady Linux Builder for Power, little endian 9 SRPM ppc64le openexr-debuginfo-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: 2683d5dd2d4c78998ac6874bf210a6bf5538532d29f439bcc5c439a6e43944b6 openexr-debugsource-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: 049941053868bae75e7c5e647951bf8f670adeaf546cf1b086c71e1179bd6eb4 openexr-devel-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: f22b21559e1150c84028ea2342a56d6a16c2fcc495459672d021fc70e96c4347 openexr-libs-debuginfo-3.1.1-3.el9_7.2.ppc64le.rpm SHA-256: df867016c1768b20dda5674b98d5249b961d7a78475e7dcce0cd2992dafed34a Red Hat CodeReady Linux Builder for ARM 64 9 SRPM aarch64 openexr-debuginfo-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: 2e660050ca0db31676f9abbf6d06c31906cb55c6565e93d634fb66399e0023fa openexr-debugsource-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: 7bcfe09b68b92aad291df667a11d09d9c2589d17ba29e5438788552c3a80f4a6 openexr-devel-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: db4e389d1738c93ddc5f61f6ef0404a4210e64270bf30c498938afb7ffc0f08e openexr-libs-debuginfo-3.1.1-3.el9_7.2.aarch64.rpm SHA-256: 2127f9c9a0c60ef8881fd4a36f8d0e8a08bbd408100aa3c42a88c26140097d6e Red Hat CodeReady Linux Builder for IBM z Systems 9 SRPM s390x openexr-debuginfo-3.1.1-3.el9_7.2.s390x.rpm SHA-256: f219f55b556b93f2d1a5fbe41802254ce14b053444bde24df726b72eeacf5696 openexr-debugsource-3.1.1-3.el9_7.2.s390x.rpm SHA-256: 8a53566b8668a24f14c9e2a252b58e17402eb1fc4bba50210ca236003a7b73b0 openexr-devel-3.1.1-3.el9_7.2.s390x.rpm SHA-256: 16a6a84a80f9fa2ad160eb10346fd636913ccadc99a66a9edbd94eb2e0c7e20c openexr-libs-debuginfo-3.1.1-3.el9_7.2.s390x.rpm SHA-256: fb9d57a92c0bf959a3a674b5153c15b1d6702d7539a237db4a1924a3a7c5caba The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .