FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openexr -- buffer overflow in istream_nonparallel_read on invalid input data

Affected packages
openexr < 3.3.7
3.4.0 <= openexr < 3.4.5

Details

VuXML ID 716d25a6-0fdc-11f1-bfdf-ff9355aecb00
Discovery 2026-02-16
Entry 2026-02-22

Cary Phillips reports:

[openexr] v3.4.5 [...] fixes an incorrect size check in istream_nonparallel_read that could lead to a buffer overflow on invalid input data.

References

URL https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef
URL https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.5