{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-40244","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-04-10T17:31:45.786Z","datePublished":"2026-04-21T01:30:55.061Z","dateUpdated":"2026-06-30T12:08:56.829Z"},"containers":{"cna":{"title":"OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589)","problemTypes":[{"descriptions":[{"cweId":"CWE-190","lang":"en","description":"CWE-190: Integer Overflow or Wraparound","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":8.4,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-j526-66f6-fxhx","tags":["x_refsource_CONFIRM"],"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-j526-66f6-fxhx"},{"name":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8","tags":["x_refsource_MISC"],"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8"},{"name":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10","tags":["x_refsource_MISC"],"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10"},{"name":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10","tags":["x_refsource_MISC"],"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10"}],"affected":[{"vendor":"AcademySoftwareFoundation","product":"openexr","versions":[{"version":">= 3.2.0, < 3.2.8","status":"affected"},{"version":">= 3.3.0, < 3.3.10","status":"affected"},{"version":">= 3.4.0, < 3.4.10","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-04-21T01:30:55.061Z"},"descriptions":[{"lang":"en","value":"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1722` performs `curc->width * curc->height` in `int32` arithmetic without a `(size_t)` cast. This is the same overflow pattern fixed in other locations by the recent CVE-2026-34589 batch, but this line was missed. Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses `internal_dwa_compressor.h:1722`."}],"source":{"advisory":"GHSA-j526-66f6-fxhx","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-22T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-40244"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-23T03:55:56.354Z"}},{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"}],"datePublic":"2026-04-21T01:30:55.061Z","descriptions":[{"lang":"en","value":"A flaw was found in OpenEXR, an image storage format library. An integer overflow vulnerability exists when processing specially crafted EXR image files. A local user could exploit this by tricking a victim into opening a malicious EXR file. This flaw could lead to memory corruption, potentially allowing for arbitrary code execution or causing a denial of service (DoS) on the affected system."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-40244"},{"name":"RHBZ#2459955","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459955"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40244.json"}],"timeline":[{"lang":"en","time":"2026-04-21T02:01:45.728Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-21T01:30:55.061Z","value":"Made public."}],"title":"OpenEXR: OpenEXR: Arbitrary code execution via integer overflow in EXR image processing","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:08:56.829Z"}}]}}