openSUSE 2026-20605-1 openexr Important DoS Arbitrary Code Exec

April 23, 2026
This advisory addresses important vulnerabilities in openexr for openSUSE including denial of service and arbitrary code execution risks.
An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.

Description

This update for openexr fixes the following issues:

- CVE-2026-34379: a misaligned memory write during file decoding can cause a denial of service (bsc#1261621).

- CVE-2026-34380: a missing check can lead to an integer overflow in image decoding (bsc#1261622).

- CVE-2026-34588: a crafted EXR file can lead to an out-of-bounds read and write (bsc#1261624).

- CVE-2026-34589: a crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634).

Patch instructions:

To install this openSUSE security update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-617=1

Package List

- openSUSE Leap 16.0:

libIex-3_2-31-3.2.2-160000.6.1

libIex-3_2-31-x86-64-v3-3.2.2-160000.6.1

libIlmThread-3_2-31-3.2.2-160000.6.1

libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.6.1

libOpenEXR-3_2-31-3.2.2-160000.6.1

libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.6.1

libOpenEXRCore-3_2-31-3.2.2-160000.6.1

libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.6.1

libOpenEXRUtil-3_2-31-3.2.2-160000.6.1

libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.6.1

openexr-3.2.2-160000.6.1

openexr-devel-3.2.2-160000.6.1

openexr-doc-3.2.2-160000.6.1

References

* bsc#1261621

* bsc#1261622

* bsc#1261624

* bsc#1261634

References:

* https://www.suse.com/security/cve/CVE-2026-34379.html

* https://www.suse.com/security/cve/CVE-2026-34380.html

* https://www.suse.com/security/cve/CVE-2026-34588.html

* https://www.suse.com/security/cve/CVE-2026-34589.html

Severity
important

Announcement ID: openSUSE-SU-2026:20605-1
Rating: important
Affected Products: openSUSE Leap 16.0
