
SUSE OpenEXR Important 2026-21372-1 Denial of Service Code Exec

suse
April 28, 2026
Security update for SUSE OpenEXR addressing multiple vulnerabilities, rated important.
An update that solves four vulnerabilities can now be installed.

Summary

This update for openexr fixes the following issues:

* CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service (bsc#1261621).
* CVE-2026-34380: lack of a proper check can lead to an integer overflow in image decoding (bsc#1261622).
* CVE-2026-34588: crafted EXR file can lead to out-of-bounds read and write (bsc#1261624).
* CVE-2026-34589: crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634).

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively, you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-617=1
* SUSE Linux Enterprise Server 16.0

References

* bsc#1261621

* bsc#1261622

* bsc#1261624

* bsc#1261634

Cross-

* CVE-2026-34379

* CVE-2026-34380

* CVE-2026-34588

* CVE-2026-34589

CVSS scores:

* CVE-2026-34379 (SUSE): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2026-34379 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

* CVE-2026-34379 (NVD): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

* CVE-2026-34380 (SUSE): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2026-34380 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

* CVE-2026-34380 (NVD): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

* CVE-2026-34588 (SUSE): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity
important

Announcement ID: SUSE-SU-2026:21372-1
Release Date: 2026-04-22T10:03:51Z
Rating: important
