{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-34379","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-03-27T13:43:14.370Z","datePublished":"2026-04-06T15:21:06.556Z","dateUpdated":"2026-06-30T12:09:14.241Z"},"containers":{"cna":{"title":"OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)","problemTypes":[{"descriptions":[{"cweId":"CWE-704","lang":"en","description":"CWE-704: Incorrect Type Conversion or Cast","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-787","lang":"en","description":"CWE-787: Out-of-bounds Write","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-843","lang":"en","description":"CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24","tags":["x_refsource_CONFIRM"],"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24"},{"name":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7","tags":["x_refsource_MISC"],"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"},{"name":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9","tags":["x_refsource_MISC"],"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"},{"name":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9","tags":["x_refsource_MISC"],"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"}],"affected":[{"vendor":"AcademySoftwareFoundation","product":"openexr","versions":[{"version":">= 3.2.0, < 3.2.7","status":"affected"},{"version":">= 3.3.0, < 3.3.9","status":"affected"},{"version":">= 3.4.0, < 3.4.9","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-04-07T03:07:14.371Z"},"descriptions":[{"lang":"en","value":"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."}],"source":{"advisory":"GHSA-w88v-vqhq-5p24","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-06T18:38:21.966448Z","id":"CVE-2026-34379","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-06T18:38:32.682Z"}},{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"}],"datePublic":"2026-04-06T15:21:06.556Z","descriptions":[{"lang":"en","value":"A flaw was found in OpenEXR, an image storage format library for the motion picture industry. A remote attacker could exploit this vulnerability by providing a specially crafted DWA or DWAB-compressed EXR file containing a FLOAT-type channel. When the file is decoded, a misaligned memory write occurs during a half-precision to single-precision floating-point (HALF→FLOAT) conversion. This can lead to a denial of service (DoS) by crashing the application on systems with strict memory alignment enforcement, such as ARM and RISC-V architectures."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-475","description":"Undefined Behavior for Input to API","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-34379"},{"name":"RHBZ#2455402","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455402"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34379.json"}],"timeline":[{"lang":"en","time":"2026-04-06T16:02:18.419Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-06T15:21:06.556Z","value":"Made public."}],"title":"OpenEXR: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:09:14.241Z"}}]}}