NIXPKGS-2026-0348

GitHub issue published on

Permalink CVE-2026-26981

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 3 weeks ago
@LeSuisse ignored
3 packages
- openexrid-unstable
- haskellPackages.openexr-write
- openexr_2
1 month, 3 weeks ago
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse published on GitHub 1 month, 3 weeks ago

OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`. Versions 3.3.7 and 3.4.5 contain a patch.

References

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c x_refsource_CONFIRM
https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef x_refsource_MISC
https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8 x_refsource_MISC

Affected products

openexr

==>= 3.3.0, < 3.3.7
==>= 3.4.0, < 3.4.5

Matching in nixpkgs

pkgs.openexr

High dynamic-range (HDR) image file format

nixos-unstable 3.3.5
- nixpkgs-unstable 3.3.5
- nixos-unstable-small 3.3.5
nixos-25.11 3.3.5
- nixos-25.11-small 3.3.5
- nixpkgs-25.11-darwin 3.3.5

Ignored packages (3)

pkgs.openexr_2

High dynamic-range (HDR) image file format

nixos-unstable 2.5.10
- nixpkgs-unstable 2.5.10
- nixos-unstable-small 2.5.10
nixos-25.11 2.5.10
- nixos-25.11-small 2.5.10
- nixpkgs-25.11-darwin 2.5.10

pkgs.openexrid-unstable

OpenEXR files able to isolate any object of a CG image with a perfect antialiazing

nixos-unstable 2017-09-17
- nixpkgs-unstable 2017-09-17
- nixos-unstable-small 2017-09-17
nixos-25.11 2017-09-17
- nixos-25.11-small 2017-09-17
- nixpkgs-25.11-darwin 2017-09-17

pkgs.haskellPackages.openexr-write

Library for writing images in OpenEXR HDR file format

nixos-unstable 0.1.0.2
- nixpkgs-unstable 0.1.0.2
- nixos-unstable-small 0.1.0.2
nixos-25.11 0.1.0.2
- nixos-25.11-small 0.1.0.2
- nixpkgs-25.11-darwin 0.1.0.2

Package maintainers

@paperdigits Mica Semrick <mica@silentumbrella.com>

Upstream advisory: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q6vj-wxvf-5m8c
Upstream patch: https://github.com/AcademySoftwareFoundation/openexr/commit/6bb2ddf1068573d073edf81270a015b38cc05cef

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0348