CVE-2026-40244: OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589) — Zero Day Monitor