OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.
| Vendor | Product | Versions |
|---|---|---|
| openexr | openexr | >= 3.2.0, < 3.2.7, >= 3.3.0, < 3.3.9, >= 3.4.0, < 3.4.9 |
Updated affected versions to include 3.2.6, 3.3.8, and 3.4.8, changed severity to MEDIUM, and noted that no exploit is available and it is not actively exploited.
Initial creation
