## This update for openexr fixes the following issues:

* CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service (bsc#1261621).
* CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding (bsc#1261622).
* CVE-2026-34588: crafted EXR file can lead to out-of-bounds read and write (bsc#1261624).
* CVE-2026-34589: crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-617=1
* SUSE Linux Enterprise Server 16.0
* bsc#1261621
* bsc#1261622
* bsc#1261624
* bsc#1261634
Cross-
* CVE-2026-34379
* CVE-2026-34380
* CVE-2026-34588
* CVE-2026-34589
CVSS scores:
* CVE-2026-34379 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34379 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-34379 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-34380 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34380 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-34380 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-34588 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N