UBUNTU-CVE-2026-34380

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2026-34380
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34380.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-34380
Upstream
Downstream
Related
Published
2026-04-06T16:16:00Z
Modified
2026-05-08T13:55:06.918806Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl() in src/lib/OpenEXRCore/internalpxr24.c at line 377. The expression (uint64t)(w * 3) computes w * 3 as a signed 32-bit integer before casting to uint64_t. When w is large, this multiplication constitutes undefined behavior under the C standard. On tested builds (clang/gcc without sanitizers), two's-complement wraparound commonly occurs, and for specific values of w the wrapped result is a small positive integer, which may allow the subsequent bounds check to pass incorrectly. If the check is bypassed, the decoding loop proceeds to write pixel data through dout, potentially extending far beyond the allocated output buffer. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

References

Affected packages

Ubuntu:Pro:24.04:LTS / openexr

Package

Name
openexr
Purl
pkg:deb/ubuntu/openexr@3.1.5-5.1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.5-5.1ubuntu0.1~esm1

Affected versions

3.*
3.1.5-5.1
3.1.5-5.1build1
3.1.5-5.1build2
3.1.5-5.1build3

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.5-5.1ubuntu0.1~esm1",
            "binary_name": "libopenexr-3-1-30"
        },
        {
            "binary_version": "3.1.5-5.1ubuntu0.1~esm1",
            "binary_name": "openexr"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34380.json"

Ubuntu:25.10 / openexr

Package

Name
openexr
Purl
pkg:deb/ubuntu/openexr@3.1.13-2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*
3.1.13-2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "3.1.13-2",
            "binary_name": "libopenexr-3-1-30"
        },
        {
            "binary_version": "3.1.13-2",
            "binary_name": "openexr"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34380.json"

Ubuntu:Pro:26.04:LTS / openexr

Package

Name
openexr
Purl
pkg:deb/ubuntu/openexr@3.1.13-2ubuntu0.26.04.1~esm1?arch=source&distro=esm-apps/resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.13-2ubuntu0.26.04.1~esm1

Affected versions

3.*
3.1.13-2
3.1.13-2build1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.13-2ubuntu0.26.04.1~esm1",
            "binary_name": "libopenexr-3-1-30"
        },
        {
            "binary_version": "3.1.13-2ubuntu0.26.04.1~esm1",
            "binary_name": "openexr"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34380.json"