SecAlerts
CVE ListPricingSign Up
openexr logo

openexr

Security Risk Profile

58
/100
medium

Security Risk Score

Comprehensive risk assessment based on 78 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from July 31, 2009 to present

78
Total CVEs
30
Critical+High
0
Exploited
9
Unpatched

Threat Assessment

Avg CVSS
6.6
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
9
Critical/High
Risk Level
58/100
medium

Severity Distribution

Critical
2
High
28
Medium
46
Low
2

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
3

Age Distribution

Common Weaknesses (CWE)

1
Integer Overflow
27
2
Buffer Overflow
27
3
Null Pointer Dereference
5
4
Use After Free
2
5
Input Validation
2

Most Affected Products

1. Apple iOS and macOS215
2. OpenEXR OpenEXR125
3. Debian Debian Linux61
4. Canonical Ubuntu Linux43
5. redhat/OpenEXR28

Recent Vulnerabilities

See more →
CVE-2026-42217
CVSS 6.3medium

OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`)

5/7/2026
CVE-2026-42216
CVSS 8.8high

OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion

5/7/2026🔧 No Patch
CVE-2026-41142
CVSS 8.8high

OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API

5/7/2026
CVE-2026-40250
CVSS 8.4high

OpenEXR has integer overflow in DWA decoder outBufferEnd pointer arithmetic (missed variant of CVE-2026-34589)

4/21/2026🔧 No Patch
CVE-2026-40244
CVSS 8.4high

OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589)

4/21/2026🔧 No Patch
CVE-2026-39886
CVSS 5.3medium

OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl()

4/21/2026🔧 No Patch
REDHAT-BUG-2455408
CVSS 7.0high
4/6/2026🔧 No Patch
CVE-2026-34589
CVSS 8.4high

OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

4/6/2026
CVE-2026-34588
CVSS 8.6high

OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

4/6/2026
CVE-2026-34380
CVSS 5.9medium

OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression

4/6/2026🔧 No Patch

Monitor openexr in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.