NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-42217

Summary	OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code executes a left shift by 70 on a 64-bit value, which is undefined behavior. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11.
Publication Date	May 7, 2026, 1:16 p.m.
Registration Date	May 8, 2026, 4:09 a.m.
Last Update	May 8, 2026, 12:03 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/AcademySoftwareFoundation/openexr/commit/21eaa33bcbbb0c83a5fc42f6b6d65b70a996e63c	security-advisories@github.com
2	https://github.com/AcademySoftwareFoundation/openexr/pull/2378	security-advisories@github.com
3	https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3c67-4wwp-w52m	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html