OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel sample totals are accumulated in a vector<unsigned int> named totalsizes. With attacker-controlled large sample counts spread across many parts, the 32-bit accumulator totalsizes[ptr] wraps modulo 2^32. overallsamplecount is then derived from the wrapped totals and passed to samples[channel].resize(overallsamplecount), so the composite sample buffer is allocated too small. Decode pointer setup and consumption proceed with the true (unwrapped) sample counts, and the write operations in the core unpack path (genericunpackdeep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
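The following is an added illustration of the bug class described above, not code from OpenEXR or from the advisory. It models one pixel's per-part sample counts, shows how an unsigned 32-bit accumulator wraps while the unwrapped total (what a decoder would actually write) does not, and contrasts it with a checked accumulation against a caller-chosen budget. The struct PixelCounts, the functions, and the budget value are assumptions introduced for the example; the sample input is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Per-pixel sample counts for one pixel across several parts of a multi-part
// deep image (hypothetical model type, not an OpenEXR type).
struct PixelCounts {
    std::vector<uint32_t> perPart;
};

// Unchecked accumulation into a 32-bit total: unsigned wrap is well-defined in
// C++, so nothing signals that the sum passed 2^32. This mirrors the pattern
// the advisory describes (a vector<unsigned int> of per-pixel totals).
uint32_t totalWrapped(const PixelCounts& p) {
    uint32_t total = 0;
    for (uint32_t c : p.perPart) total += c;  // silently wraps modulo 2^32
    return total;
}

// The number of samples a decoder that trusts the per-part counts would
// actually write, computed in 64 bits so it cannot wrap.
uint64_t totalTrue(const PixelCounts& p) {
    uint64_t total = 0;
    for (uint32_t c : p.perPart) total += c;
    return total;
}

// True when a buffer sized from the wrapped total would be overrun by writes
// driven by the true counts: exactly the mismatch behind the out-of-bounds write.
bool wouldOverrun(const PixelCounts& p) {
    return totalTrue(p) > totalWrapped(p);
}

// Hardened accumulation: every addition is checked against a budget chosen by
// the caller (assumed policy, e.g. a maximum sample count per pixel). Returns
// false and leaves *out untouched on the first step that would exceed it, so
// the total can neither wrap nor drive an unbounded allocation.
bool totalChecked(const PixelCounts& p, uint32_t budget, uint32_t* out) {
    uint32_t total = 0;  // invariant: total <= budget, so budget - total never underflows
    for (uint32_t c : p.perPart) {
        if (c > budget - total) return false;  // total + c would exceed budget
        total += c;
    }
    *out = total;
    return true;
}

int main() {
    // Constructed hostile input: two parts each claim 2^31 samples, a third
    // claims 16. The 32-bit sum is 16; the real sum is 2^32 + 16.
    PixelCounts hostile{{0x80000000u, 0x80000000u, 16u}};
    std::printf("wrapped=%u true=%llu overrun=%d\n",
                totalWrapped(hostile),
                (unsigned long long)totalTrue(hostile),
                (int)wouldOverrun(hostile));

    uint32_t accepted = 0;
    bool ok = totalChecked(hostile, 1u << 28, &accepted);  // assumed budget of 2^28 samples
    std::printf("checked: %s\n", ok ? "accepted" : "rejected");
    return 0;
}
```

The check `c > budget - total` is the whole fix pattern: by bounding the running total before each addition, an overflow becomes impossible rather than merely detected after the fact, and the allocation that follows is bounded by a number the code chose instead of one the file supplied.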
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27622.json",
"cwe_ids": [
"CWE-787"
],
"cna_assigner": "GitHub_M"
}