NIXPKGS-2026-1435

GitHub issue published on

Permalink CVE-2026-41142

8.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 days, 2 hours ago by @LeSuisse Activity log

Created suggestion 2 days, 10 hours ago
@LeSuisse ignored
3 packages
- openexrid-unstable
- haskellPackages.openexr-write
- openexr_2
2 days, 2 hours ago
@LeSuisse accepted 2 days, 2 hours ago
@LeSuisse published on GitHub 2 days, 2 hours ago

OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads to heap OOB write via OpenEXRUtil public API. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.

References

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m25w-72cj-q6mg x_refsource_CONFIRM
https://github.com/AcademySoftwareFoundation/openexr/pull/2367 x_refsource_MISC
https://github.com/AcademySoftwareFoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4 x_refsource_MISC

Affected products

openexr

==>= 3.0.0, < 3.2.9
==>= 3.4.0, < 3.4.11
==>= 3.3.0, < 3.3.11

Matching in nixpkgs

pkgs.openexr

High dynamic-range (HDR) image file format

nixos-unstable 3.3.8
- nixpkgs-unstable 3.3.8
- nixos-unstable-small 3.3.8
nixos-25.11 3.3.8
- nixos-25.11-small 3.3.8
- nixpkgs-25.11-darwin 3.3.8

Ignored packages (3)

pkgs.openexr_2

High dynamic-range (HDR) image file format

nixos-unstable 2.5.10
- nixpkgs-unstable 2.5.10
- nixos-unstable-small 2.5.10
nixos-25.11 2.5.10
- nixos-25.11-small 2.5.10
- nixpkgs-25.11-darwin 2.5.10

pkgs.openexrid-unstable

OpenEXR files able to isolate any object of a CG image with a perfect antialiazing

nixos-unstable 2017-09-17
- nixpkgs-unstable 2017-09-17
- nixos-unstable-small 2017-09-17
nixos-25.11 2017-09-17
- nixos-25.11-small 2017-09-17
- nixpkgs-25.11-darwin 2017-09-17

pkgs.haskellPackages.openexr-write

Library for writing images in OpenEXR HDR file format

nixos-unstable 0.1.0.2
- nixpkgs-unstable 0.1.0.2
- nixos-unstable-small 0.1.0.2
nixos-25.11 0.1.0.2
- nixos-25.11-small 0.1.0.2
- nixpkgs-25.11-darwin 0.1.0.2

Package maintainers

@paperdigits Mica Semrick <mica@silentumbrella.com>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1435