
openSUSE Leap 16.0 openexr Important Buffer Overflow Fix 2026-20755-1

opensuse
May 19, 2026
An important security update for openexr in openSUSE fixes multiple issues, including buffer overflows and out-of-bounds reads.
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description

This update for openexr fixes the following issues:

- CVE-2026-41142: integer overflow in `ImageChannel::resize` can lead to a heap out-of-bounds write via OpenEXRUtil public API (bsc#1264356).

- CVE-2026-42216: missing checks in `IDManifest::init()` can lead to out-of-bounds read during prefix expansion (bsc#1264354).

- CVE-2026-42217: missing bounds check for shift counter in `readVariableLengthInteger` can lead to shift exponent overflow and cause undefined behavior (bsc#1264353).
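
The bug class behind CVE-2026-42217, shown as an added example that is not OpenEXR's code and not part of the advisory: a variable-length integer decoder that bounds its shift counter before every shift. The function name, the return codes and the encoding (7 payload bits per byte, least significant group first, high bit set while more bytes follow) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative decoder, NOT OpenEXR's readVariableLengthInteger.
 * Assumed encoding: 7 payload bits per byte, low group first,
 * bit 7 set on every byte except the last. */
enum { VLI_OK = 0, VLI_TRUNCATED = -1, VLI_TOO_LONG = -2 };

/* Decodes one value starting at buf[*pos]. On success stores it in *out,
 * advances *pos past it and returns VLI_OK; on error *pos and *out are
 * left untouched. */
int read_vli_checked(const uint8_t *buf, size_t len, size_t *pos, uint64_t *out)
{
    uint64_t value = 0;
    unsigned shift = 0;
    size_t p = *pos;

    for (;;) {
        if (p >= len)
            return VLI_TRUNCATED;   /* input ended while bit 7 was still set */
        if (shift >= 64)
            return VLI_TOO_LONG;    /* shifting a 64-bit value by >= 64 is UB */
        uint8_t byte = buf[p++];
        if (shift == 63 && (byte & 0x7e))
            return VLI_TOO_LONG;    /* only one payload bit still fits */
        value |= (uint64_t)(byte & 0x7f) << shift;
        if ((byte & 0x80) == 0)
            break;                  /* last byte of this value */
        shift += 7;
    }
    *pos = p;
    *out = value;
    return VLI_OK;
}

int main(void)
{
    /* Constructed inputs: a valid two-byte value, then 11 continuation bytes. */
    const uint8_t good[] = { 0xac, 0x02 };
    const uint8_t runaway[11] = { 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
                                  0x80, 0x80, 0x80, 0x80, 0x80 };
    size_t pos = 0;
    uint64_t v = 0;
    int rc = read_vli_checked(good, sizeof good, &pos, &v);
    printf("good: rc=%d value=%llu\n", rc, (unsigned long long)v);
    pos = 0;
    printf("runaway: rc=%d\n", read_vli_checked(runaway, sizeof runaway, &pos, &v));
    return 0;
}
```

Without the `shift >= 64` test, the eleventh continuation byte in the second input would be shifted by 70, which is the undefined behavior the advisory describes.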

Patch instructions:

To install this openSUSE security update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-750=1

Package List

- openSUSE Leap 16.0:

libIex-3_2-31-3.2.2-160000.8.1

libIex-3_2-31-x86-64-v3-3.2.2-160000.8.1

libIlmThread-3_2-31-3.2.2-160000.8.1

libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.8.1

libOpenEXR-3_2-31-3.2.2-160000.8.1

libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.8.1

libOpenEXRCore-3_2-31-3.2.2-160000.8.1

libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.8.1

libOpenEXRUtil-3_2-31-3.2.2-160000.8.1

libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.8.1

openexr-3.2.2-160000.8.1

openexr-devel-3.2.2-160000.8.1

openexr-doc-3.2.2-160000.8.1

References

* bsc#1264353

* bsc#1264354

* bsc#1264356

* https://www.suse.com/security/cve/CVE-2026-41142.html

* https://www.suse.com/security/cve/CVE-2026-42216.html

* https://www.suse.com/security/cve/CVE-2026-42217.html

Severity
important

Announcement ID: openSUSE-SU-2026:20755-1
Rating: important
Affected Products: openSUSE Leap 16.0
