Nixpkgs security tracker

Dismissed

Permalink CVE-2026-34544

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 6 days ago
@LeSuisse ignored
3 packages
- openexr_2
- openexrid-unstable
- haskellPackages.openexr-write
2 weeks, 6 days ago
@LeSuisse dismissed 2 weeks, 6 days ago

OpenEXR: integer overflow to OOB write in uncompress_b44_impl()

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8.

References

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h762-rhv3-h25v x_refsource_CONFIRM
https://github.com/AcademySoftwareFoundation/openexr/commit/35e7aa35e22c1975606be86e859f31cc1fc598ee x_refsource_MISC
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.8 x_refsource_MISC

Affected products

openexr

==>= 3.4.0, < 3.4.8

Matching in nixpkgs

pkgs.openexr

High dynamic-range (HDR) image file format

nixos-unstable 3.3.5
- nixpkgs-unstable 3.3.5
- nixos-unstable-small 3.3.5
nixos-25.11 3.3.5
- nixos-25.11-small 3.3.5
- nixpkgs-25.11-darwin 3.3.5

Ignored packages (3)

pkgs.openexr_2

High dynamic-range (HDR) image file format

nixos-unstable 2.5.10
- nixpkgs-unstable 2.5.10
- nixos-unstable-small 2.5.10
nixos-25.11 2.5.10
- nixos-25.11-small 2.5.10
- nixpkgs-25.11-darwin 2.5.10

pkgs.openexrid-unstable

OpenEXR files able to isolate any object of a CG image with a perfect antialiazing

nixos-unstable 2017-09-17
- nixpkgs-unstable 2017-09-17
- nixos-unstable-small 2017-09-17
nixos-25.11 2017-09-17
- nixos-25.11-small 2017-09-17
- nixpkgs-25.11-darwin 2017-09-17

pkgs.haskellPackages.openexr-write

Library for writing images in OpenEXR HDR file format

nixos-unstable 0.1.0.2
- nixpkgs-unstable 0.1.0.2
- nixos-unstable-small 0.1.0.2
nixos-25.11 0.1.0.2
- nixos-25.11-small 0.1.0.2
- nixpkgs-25.11-darwin 0.1.0.2

Package maintainers

@paperdigits Mica Semrick <mica@silentumbrella.com>

Not in the range of impacted version.

Suggestion detail