Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2802 articles · 174869 vulns · 37/41 feeds (7d)
← Back to list
—
CVE-2026-42216EXPLOITED
openexr · openexr

OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed representation. If the previous string is longer than 255 bytes, the next string is expected to begin with a 2-byte prefix length. The code reads stringList[i][0] and stringList[i][1] without checking that the current string has at least two bytes. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.

Affected Products

VendorProductVersions
openexropenexr>= 3.0.0, < 3.2.9, >= 3.3.0, < 3.3.11, >= 3.4.0, < 3.4.11

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
red hatenterprise linuxcert_advisory90%

References

  • https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-65j8-95g9-jgj4(x_refsource_CONFIRM)

Related News (2 articles)

Tier B
BSI Advisories2h ago
[NEU] [hoch] Red Hat Enterprise Linux (openexr): Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB67d ago
CVE-2026-42216 | AcademySoftwareFoundation OpenEXR up to 3.2.8/3.3.10/3.4.10 EXR File IDManifest::init out-of-bounds (GHSA-65j8-95g9-jgj4 / EUVD-2026-28298)
→ No new info (linked only)
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-125
PublishedMay 7, 2026
Last enriched2h agov3
Tags
remote code executioninformation disclosuredenial of service
Trending Score68
Source articles2
Independent2
Info Completeness8/14
Missing: cvss, epss, kev, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (3)

MEDIUMCVE-2026-39886EXP
OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl()
NONECVE-2026-40250EXP
OpenEXR has integer overflow in DWA decoder outBufferEnd pointer arithmetic (missed variant of CVE-2026-34589)
NONECVE-2026-40244EXP
OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589)

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
May 7, 2026
Discovered by ZDM
May 7, 2026
Updated: description, severity, affectedVersions, activelyExploited
May 7, 2026
Updated: severity, exploitAvailable, tags
Jul 13, 2026
Actively Exploited
Jul 13, 2026
Exploit Available
Jul 13, 2026

Version History

v3
Last enriched 2h ago
v3Tier B2h ago

Updated severity to HIGH, marked exploit as available, and added new tags related to the vulnerabilities.

severityexploitAvailabletags
via BSI Advisories
v2Tier C67d ago

Updated severity to CRITICAL, added affected versions up to 3.2.8/3.3.10/3.4.10, and noted that no exploit exists.

descriptionseverityaffectedVersionsactivelyExploited
via VulDB
v167d ago

Initial creation