Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Fedora 44 USD Critical OpenEXR Denial of Service Fixes 2026-502486fc61

fedora
Calendar Grey April 25, 2026
Dist Fedora Esm H88
Several security fixes for OpenEXRCore in Fedora 44 address critical exploits leading to denial of service or code execution.
Backport several OpenEXRCore security fixes Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493 Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534 Fixes CV...

Summary

Universal Scene Description (USD) is a time-sampled scene

description for interchange between graphics applications.

Update Information:

Backport several OpenEXRCore security fixes Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493 Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534 Fixes CVE-2026-34588 / GHSA-588r-cr5c-w6hf; closes RHBZ#2455505 Fixes CVE-2026-34589 / GHSA-p8xc-w3q4-h64x; closes RHBZ#2455501 Fixes CVE-2026-34379 / GHSA-w88v-vqhq-5p24; closes RHBZ#2455497 Backport fix for CVE-2026-34544 in OpenEXRCore

Topics%20covered

Topics Covered

security advisory denial of service fedora critical memory corruption OpenEXR

Change Log

* Wed Apr 8 2026 Benjamin A. Beasley - 26.03-3 - Backport several OpenEXRCore security fixes - Fixes CVE-2026-34378 / GHSA-v76p-4qvv-vh4g; closes RHBZ#2455493 - Fixes CVE-2026-34380 / GHSA-q3v8-hw4m-59w5; closes RHBZ#2455534 - Fixes CVE-2026-34588 / GHSA-588r-cr5c-w6hf; closes RHBZ#2455505 - Fixes CVE-2026-34589 / GHSA-p8xc-w3q4-h64x; closes RHBZ#2455501 - Fixes CVE-2026-34379 / GHSA-w88v-vqhq-5p24; closes RHBZ#2455497 * Mon Apr 6 2026 Benjamin A. Beasley - 26.03-2 - Backport fix for CVE-2026-34544 in OpenEXRCore - Fixes RHBZ#2454226

References


[ 1 ] Bug #2454226 - CVE-2026-34544 usd: OpenEXR: Memory corruption and Denial of Service via crafted EXR file processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454226 [ 2 ] Bug #2455493 - CVE-2026-34378 usd: OpenEXR: Denial of Service via crafted EXR file integer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455493 [ 3 ] Bug #2455497 - CVE-2026-34379 usd: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455497 [ 4 ] Bug #2455501 - CVE-2026-34589 usd: OpenEXR: Memory corruption leading to arbitrary code execution or denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455501 [ 5 ] Bug #2455505 - CVE-2026-34588 usd: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455505 [ 6 ] Bug ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-502486fc61' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: usd
Product: Fedora 44
Version: 26.03
Release: 3.fc44
URL: http://www.openusd.org/
Summary: 3D VFX pipeline interchange file format

Topics%20covered

Topics Covered

security advisory denial of service fedora critical memory corruption OpenEXR

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here