
Ubuntu 26.04 OpenEXR Severe DoS Integer Overflow USN-8259-2

May 7, 2026
Several security problems have been resolved in OpenEXR across Ubuntu LTS versions; stay updated to maintain security integrity.

Summary

Several security issues were fixed in OpenEXR.

Software Description:

- openexr: tools for the OpenEXR image format

Details:

Quang Luong discovered that OpenEXR incorrectly handled sample count
accumulation when processing deep scan line image files. An attacker could
possibly use this issue to cause OpenEXR to crash, resulting in a denial of
service, or execute arbitrary code. (CVE-2026-27622)

It was discovered that OpenEXR had an integer overflow in the PXR24
decoder. An attacker could possibly use this issue to cause OpenEXR to
crash, resulting in a denial of service, or execute arbitrary code.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.
(CVE-2026-34380)

Quang Luong discovered that OpenEXR had a signed integer overflow in the
PIZ decoder. An attacker could possibly use this issue to cause OpenEXR to
crash, resulting in a denial of service, or execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-34588)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libopenexr-3-1-30               3.1.13-2ubuntu0.26.04.1~esm1
                                  Available with Ubuntu Pro
  openexr                         3.1.13-2ubuntu0.26.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 24.04 LTS
  libopenexr-3-1-30               3.1.5-5.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  openexr                         3.1.5-5.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libopenexr25                    2.5.7-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  openexr                         2.5.7-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libopenexr24                    2.3.0-6ubuntu0.5+esm2
                                  Available with Ubuntu Pro
  openexr                         2.3.0-6ubuntu0.5+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libopenexr22                    2.2.0-11.1ubuntu1.9+esm1
                                  Available with Ubuntu Pro
  openexr                         2.2.0-11.1ubuntu1.9+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libopenexr22                    2.2.0-10ubuntu2.6+esm4
                                  Available with Ubuntu Pro
  openexr                         2.2.0-10ubuntu2.6+esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary
changes.
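
Whether a host is at or above these versions depends on Debian version ordering, in which `~esm1` sorts below the bare version and `+esm2` sorts above it, so a plain string comparison gives wrong answers. The following is an added example, not part of the Ubuntu notice: a small Python port of that ordering applied to the fixed versions listed above. The function names are this example's own.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the advisory; the library package and the
# openexr package of each release share one fixed version.
FIXED = {
    "26.04": "3.1.13-2ubuntu0.26.04.1~esm1",
    "24.04": "3.1.5-5.1ubuntu0.1~esm1",
    "22.04": "2.5.7-1ubuntu0.1~esm2",
    "20.04": "2.3.0-6ubuntu0.5+esm2",
    "18.04": "2.2.0-11.1ubuntu1.9+esm1",
    "16.04": "2.2.0-10ubuntu2.6+esm4",
}

def _weight(c):
    # '~' sorts before end-of-string (""); letters sort before other symbols.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Split into (non-digit run, digit run) pairs and compare pair by pair.
    chunks = lambda s: re.findall(r"(\D*)(\d*)", s)
    for (ta, na), (tb, nb) in zip_longest(chunks(a), chunks(b), fillvalue=("", "")):
        for k in range(max(len(ta), len(tb))):
            diff = _weight(ta[k:k + 1]) - _weight(tb[k:k + 1])
            if diff:
                return diff
        # Digit runs compare numerically, so "esm10" sorts after "esm4".
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def compare(v1, v2):
    """Return <0, 0 or >0 as v1 sorts before, equal to or after v2."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_fixed(release, installed):
    # True when the installed version is at or above the advisory's fix.
    return compare(installed, FIXED[release]) >= 0
```

On a live host the installed version can be read with `dpkg-query -W -f='${Version}' openexr`, and `dpkg --compare-versions` applies the same ordering.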

References

https://ubuntu.com/security/notices/USN-8259-1

CVE-2026-27622, CVE-2026-34380, CVE-2026-34588

Severity
critical

Ubuntu Security Notice USN-8259-1
