Vulnerabilities ›

CVE-2026-34543

High ⚡ Exploit Available

CWE-908 — Weakness Type

                    Published: Apr 1, 2026                      ·  Modified: Apr 8, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). This occurs under default settings; simply reading a malicious EXR file is sufficient to trigger the issue, without any user interaction. This issue has been patched in version 3.4.8.

🤖 AI Executive Summary

OpenEXR versions 3.4.0-3.4.7 leak sensitive heap memory through decoded pixel data when processing malicious EXR files. The vulnerability requires no user interaction and occurs under default settings, posing an information disclosure risk to organizations using affected versions.

📄 Description (Arabic)

تؤثر هذه الثغرة على OpenEXR من الإصدار 3.4.0 إلى 3.4.7 وتسمح بتسرب المعلومات الحساسة من ذاكرة الكومة. يمكن استغلال الثغرة بمجرد قراءة ملف EXR ضار دون الحاجة إلى أي تفاعل من المستخدم.

🤖 ملخص تنفيذي (AI)

إصدارات OpenEXR من 3.4.0 إلى 3.4.7 تسرب معلومات حساسة من ذاكرة الكومة عند معالجة ملفات EXR ضارة. يحدث الثغرة دون تفاعل من المستخدم وتحت الإعدادات الافتراضية، مما يشكل خطر كشف المعلومات للمنظمات التي تستخدم الإصدارات المتأثرة.

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 16:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

media entertainment government

🎯 MITRE ATT&CK Techniques

T1005 T1041

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade OpenEXR to version 3.4.8 or later immediately. Review and audit systems using OpenEXR for potential exposure to malicious EXR files. Implement file validation and restrict EXR file processing from untrusted sources.

🔧 خطوات المعالجة (العربية)

قم بترقية OpenEXR إلى الإصدار 3.4.8 أو أحدث فوراً. قم بمراجعة وتدقيق الأنظمة التي تستخدم OpenEXR للتعرض المحتمل لملفات EXR الضارة. طبق التحقق من صحة الملفات وقيد معالجة ملفات EXR من المصادر غير الموثوقة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.14.2.1

🟡 ISO 27001:2022

A.12.2.1 A.14.2.1

🔗 References & Sources 4

🔗

https://github.com/AcademySoftwareFoundation/openexr/commit/5f6d0aaa9e43802917af7db90f1...

security-advisories@github.com

Patch

🔗

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8

security-advisories@github.com

Product Release Notes

🔗

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vc68-257w...

security-advisories@github.com

Exploit Vendor Advisory

🔗

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vc68-257w...

134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit Vendor Advisory

📦 Affected Products / CPE 3 entries

openexr:openexr

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-908

EPSS0.05%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-04-01

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

exploit-available patch-available CWE-908

🏢 Vendor Advisories

🔗 https://github.com/AcademySoftwareFoundation/openexr... 🔗 https://github.com/AcademySoftwareFoundation/openexr...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-34543

💬 Comments

Introduce Yourself

Sign In Required