CVE-2026-42216: OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion — Zero Day Monitor