{"id":"CVE-2026-41142","summary":"OpenEXR is vulnerable to an integer overflow in ImageChannel::resize that leads to a heap OOB write via the OpenEXRUtil public API","details":"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads to a heap out-of-bounds (OOB) write via the OpenEXRUtil public API. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.","aliases":["GHSA-m25w-72cj-q6mg"],"modified":"2026-06-18T17:01:21.349670Z","published":"2026-05-07T03:58:09.483Z","related":["CGA-xrpf-68cm-jg7h","SUSE-SU-2026:2114-1","SUSE-SU-2026:21796-1","openSUSE-SU-2026:10772-1","openSUSE-SU-2026:20755-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-190"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41142.json"},"references":[{"type":"ADVISORY","url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m25w-72cj-q6mg"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41142.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41142"},{"type":"FIX","url":"https://github.com/AcademySoftwareFoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4"},{"type":"FIX","url":"https://github.com/AcademySoftwareFoundation/openexr/pull/2367"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/academysoftwarefoundation/openexr","events":[{"introduced":"0"},{"fixed":"97f56983d93adc6eb9e6789c144720224de48490"},{"introduced":"c7d3eac70ccde2c4ed484c6638b83ba872f71464"},{"fixed":"c949e9f7be387daeac44797e04b7e6951e583901"},{"introduced":"20a65852895894434bea88613f6d29ac8e88bd6e"},{"fixed":"d25e2a83b5a5f0eb9e350de8218fa27c348da203"},{"fixed":"0592ee539f33c122c90f09238579b902d838afb4"}],"databa
se_specific":{"cpe":"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"3.0.0"},{"fixed":"3.2.9"},{"introduced":"3.3.0"},{"fixed":"3.3.11"},{"introduced":"3.4.0"},{"fixed":"3.4.11"}]}}],"versions":["v3.4.11-rc2","v3.4.11-rc","v3.4.10-rc","v3.4.10","v3.3.10-rc2","v3.3.10","v3.2.8-rc","v3.2.8","v3.3.10-rc","v3.2.7-rc","v3.2.7","v3.3.9-rc2","v3.3.9","v3.4.9","v3.3.9-rc","v3.2.6-rc","v3.2.6","v3.3.8-rc","v3.3.8","v3.4.9-rc","v3.4.8-rc","v3.4.8","v3.4.7","v3.4.7-rc","v3.4.6","v3.4.6-rc","v3.2.5-rc","v3.2.5","v3.3.7-rc4","v3.3.7","v3.4.5","v3.4.5-rc","v3.3.7-rc3","v3.3.7-rc2","v3.3.7-rc","v3.3.6","v3.4.4-rc2","v3.4.4","v3.4.4-rc","v3.4.3-rc3","v3.4.3","v3.3.6-rc4","v3.3.6-rc3","v3.4.3-rc2","v3.2.4-rc2","v3.2.4","v3.3.6-rc2","v3.4.3-rc","v3.3.6-rc","v3.3.5","v3.4.2-rc2","v3.4.2","v3.4.2-rc","v3.4.1-rc2","v3.4.1","v3.4.1-rc","v3.4.0","v3.4-alpha","v3.3.5-rc3","v3.3.5-rc","v3.3.4-rc","v3.3.4","v3.3.3-rc1","v3.3.3","v3.3.3-rc","v3.3.2-rc4","v3.3.2","v3.3.2-rc3","v3.3.2-rc2","v3.3.2-rc","v3.3.1-rc","v3.3.1","v3.3.0-rc2","v3.3.0","v3.2.4-rc","v3.2.3-rc2","v3.2.3","v3.2.3-rc","v3.2.2","v3.2.2-rc2","v3.2.2-rc","v3.2.1-rc","v3.2.1","v3.2.0-rc4","v3.2.0","v3.2.0-rc3","v3.2.0-rc2","v3.2.0-rc","v3.0.0-beta","v2.5.0","v2.4.0","v2.4.0-beta.1","v2.3.0","v2.1.0","v2.0.1","v2.0.0.GM","v2.0.0","v1.7.1","OPENEXR_1_0_4"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/lib/OpenEXRUtil/ImfImageChannel.cpp","function":"ImageChannel::resize"},"digest":{"length":853,"function_hash":"225405135319510722991181879886345682748"},"source":"https://github.com/academysoftwarefoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4","signature_type":"Function","id":"CVE-2026-41142-559754a0","deprecated":false,"signature_version":"v1"},{"target":{"file":"src/lib/OpenEXRUtil/ImfImageChannel.cpp"},"digest":{"line_hashes":["288326435167640511617134974759597329137","107841475162533466665307285732516149085","139814732693883
832390136318659253313779","83778521140899717721679112398508762450","19258205456808516973899658725989218792","121735656350200240898112988153553666782","331897746701200777008001189006020126672","180439581436811594120491438305140169377","128981989704109237140574338837951643302","290323907752837846379582881428519502594","48353549390130874952405703931546488203"],"threshold":0.9},"source":"https://github.com/academysoftwarefoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4","signature_type":"Line","id":"CVE-2026-41142-973d2f74","deprecated":false,"signature_version":"v1"},{"target":{"file":"src/test/OpenEXRUtilTest/main.cpp","function":"main"},"digest":{"length":911,"function_hash":"104974620034874621467862266744658081743"},"source":"https://github.com/academysoftwarefoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4","signature_type":"Function","id":"CVE-2026-41142-c706d1ea","deprecated":false,"signature_version":"v1"},{"target":{"file":"src/test/OpenEXRUtilTest/main.cpp"},"digest":{"line_hashes":["299996418681741549108758392976384479859","74938255902287372607804524278181586603","226904714323687835639535222939791014655","265076481739185205203591563373058715220","215437533031424948790996368134324447301","55240607382765525229503486930008800844","65907418132666042298473230510876756846","145433945433198055134423134655308545734"],"threshold":0.9},"source":"https://github.com/academysoftwarefoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4","signature_type":"Line","id":"CVE-2026-41142-f44bc9a7","deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41142.json","vanir_signatures_modified":"2026-06-18T17:01:21Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}