Vulnerability Description
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code executes a left shift by 70 on a 64-bit value, which is undefined behavior. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openexr | Openexr | >= 3.0.0, < 3.2.9 |
Related Weaknesses (CWE)
References
- https://github.com/AcademySoftwareFoundation/openexr/commit/21eaa33bcbbb0c83a5fcPatch
- https://github.com/AcademySoftwareFoundation/openexr/pull/2378Issue TrackingPatch
- https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3cExploitVendor AdvisoryMitigation
FAQ
What is CVE-2026-42217?
CVE-2026-42217 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3....
How severe is CVE-2026-42217?
CVE-2026-42217 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-42217?
Check the references section above for vendor advisories and patch information. Affected products include: Openexr Openexr.