VulnerableCode Package Details - pkg:pypi/openexr@3.3.8

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-qn33-asyh-y3hw	OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write Function: `CompositeDeepScanLine::readPixels`, reachable from high-level multipart deep read flows (`MultiPartInputFile` + `DeepScanLineInputPart` + `CompositeDeepScanLine`). Vulnerable lines (`src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp`): - `total_sizes[ptr] += counts[j][ptr];` (line ~511) - `overall_sample_count += total_sizes[ptr];` (line ~514) - `samples[channel].resize (overall_sample_count);` (line ~535) Impact: 32-bit sample-count accumulation wrap leads to undersized allocation, then decode writes with true sample volume, causing heap OOB write in `generic_unpack_deep_pointers` (`src/lib/OpenEXRCore/unpack.c:1374`) (DoS/Crash, memory corruption/RCE). Attack scenario: - Attacker provides multipart deep EXR with many parts and very large sample counts per pixel. - Uses compression (RLE/ZIPS) to keep file size relatively small vs decode pressure. - The overflow happens in composite sample accounting (`unsigned int`), while pointer progression for decode uses larger counters and reaches out-of-bounds. Tested on: `OpenEXR 4.0.0-dev` (commit 83449669402080874b25ff1fa740649a9e6ea064) but this code has existed since v2.3.0	CVE-2026-27622 GHSA-cr4v-6jm6-4963

Vulnerability

Summary

Aliases

VCID-qn33-asyh-y3hw

OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write Function: `CompositeDeepScanLine::readPixels`, reachable from high-level multipart deep read flows (`MultiPartInputFile` + `DeepScanLineInputPart` + `CompositeDeepScanLine`). Vulnerable lines (`src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp`): - `total_sizes[ptr] += counts[j][ptr];` (line ~511) - `overall_sample_count += total_sizes[ptr];` (line ~514) - `samples[channel].resize (overall_sample_count);` (line ~535) Impact: 32-bit sample-count accumulation wrap leads to undersized allocation, then decode writes with true sample volume, causing heap OOB write in `generic_unpack_deep_pointers` (`src/lib/OpenEXRCore/unpack.c:1374`) (DoS/Crash, memory corruption/RCE). Attack scenario: - Attacker provides multipart deep EXR with many parts and very large sample counts per pixel. - Uses compression (RLE/ZIPS) to keep file size relatively small vs decode pressure. - The overflow happens in composite sample accounting (`unsigned int`), while pointer progression for decode uses larger counters and reaches out-of-bounds. Tested on: `OpenEXR 4.0.0-dev` (commit 83449669402080874b25ff1fa740649a9e6ea064) but this code has existed since v2.3.0

CVE-2026-27622
GHSA-cr4v-6jm6-4963

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:51:06.178743+00:00	GitLab Importer	Fixing	VCID-qn33-asyh-y3hw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/OpenEXR/CVE-2026-27622.yml	38.6.0

2026-06-02T04:51:06.178743+00:00

GitLab Importer

Fixing

VCID-qn33-asyh-y3hw

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/OpenEXR/CVE-2026-27622.yml

38.6.0