This update for openexr fixes the following issues:
- CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service (bsc#1261621).
- CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding (bsc#1261622).
- CVE-2026-34588: crafted EXR file can lead to out of bound read and write (bsc#1261624).
- CVE-2026-34589: crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-617=1
- openSUSE Leap 16.0:
libIex-3_2-31-3.2.2-160000.6.1
libIex-3_2-31-x86-64-v3-3.2.2-160000.6.1
libIlmThread-3_2-31-3.2.2-160000.6.1
libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.6.1
libOpenEXR-3_2-31-3.2.2-160000.6.1
libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.6.1
libOpenEXRCore-3_2-31-3.2.2-160000.6.1
libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.6.1
libOpenEXRUtil-3_2-31-3.2.2-160000.6.1
libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.6.1
openexr-3.2.2-160000.6.1
openexr-devel-3.2.2-160000.6.1
openexr-doc-3.2.2-160000.6.1
* bsc#1261621
* bsc#1261622
* bsc#1261624
* bsc#1261634
References:
* https://www.suse.com/security/cve/CVE-2026-34379.html
* https://www.suse.com/security/cve/CVE-2026-34380.html
* https://www.suse.com/security/cve/CVE-2026-34588.html
* https://www.suse.com/security/cve/CVE-2026-34589.html
Get the latest Linux and open source security news straight to your inbox.