OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
CVE-2026-27622
This high-severity CVE scores 7.8 under NVD CVSS v3. EPSS exploit-prediction score not yet available (the EPSS model rescores nightly; freshly-published CVEs typically appear within 48 hours). GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
A fix is available — apply it.
- CVSS v3
- 7.8
- EG Score
- 7.8(low)
- EPSS
- 10.1%
- KEV
- Not listed
Published
March 3, 2026
Last Modified
June 30, 2026
Advisory Details (10)
Auto-updated Jul 1, 2026Affected: Red Hat Enterprise Linux 10.0 Extended Update Support.
https://access.redhat.com/errata/RHSA-2026:7678Affected: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support
https://access.redhat.com/errata/RHSA-2026:12341Affected: Red Hat Enterprise Linux 8.2 Advanced Update Support.
https://access.redhat.com/errata/RHSA-2026:12340Affected: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP So
https://access.redhat.com/errata/RHSA-2026:12339Affected: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Serv
https://access.redhat.com/errata/RHSA-2026:12338CompositeDeepScanLine integer-overflow leads to heap OOB write · Advisory · AcademySoftwareFoundation/openexr · GitHub
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963Vendor Advisories for CVE-2026-27622(10)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2026:16174Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (Spyre)
- RHSA-2026:16030Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (CUDA)
- RHSA-2026:16009Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (ROCm)
- RHSA-2026:16008Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.3.3 (CUDA)
- RHSA-2026:8872Red Hat Product SecurityHigh
Red Hat Security Advisory: openexr security update
- RHSA-2026:8888Red Hat Product SecurityHigh
Red Hat Security Advisory: openexr security update
- RHSA-2026:8871Red Hat Product SecurityHigh
Red Hat Security Advisory: openexr security update
- RHSA-2026:8863Red Hat Product SecurityHigh
Red Hat Security Advisory: OpenEXR security update
- +2 more
Patch Availability(16)
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| redhat | rhaiis/vllm-spyre-rhel9:1778244546 | 2026-05-12 | redhat |
| redhat | rhaiis/vllm-cuda-rhel9:1778274666 | 2026-05-11 | redhat |
| redhat | rhaiis/model-opt-cuda-rhel9:1778244559 | 2026-05-11 | redhat |
| redhat | rhaiis/vllm-rocm-rhel9:1778244531 | 2026-05-11 | redhat |
| redhat | OpenEXR-0:2.2.0-12.el8_4.1 | 2026-04-30 | redhat |
| redhat | OpenEXR-0:2.2.0-11.el8_2.1 | 2026-04-30 | redhat |
| redhat | OpenEXR-0:2.2.0-12.el8_8.1 | 2026-04-30 | redhat |
| redhat | OpenEXR-0:2.2.0-12.el8_6.1 | 2026-04-30 | redhat |
| redhat | openexr-0:3.1.1-2.el9_2.2 | 2026-04-20 | redhat |
| redhat | OpenEXR-0:2.2.0-12.el8_10.1 | 2026-04-20 | redhat |
| redhat | openexr-0:3.1.1-2.el9_0.2 | 2026-04-20 | redhat |
| redhat | openexr-0:3.1.1-3.el9_6.1 | 2026-04-20 | redhat |
| redhat | openexr-0:3.1.1-2.el9_4.2 | 2026-04-20 | redhat |
| redhat | openexr-0:3.1.1-3.el9_7.1 | 2026-04-20 | redhat |
| redhat | openexr-0:3.1.10-8.el10_0.1 | 2026-04-13 | redhat |
| redhat | openexr-0:3.1.10-8.el10_1.1 | 2026-04-13 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Affected Packages
(1 across 1 ecosystem)
PyPI(1)
| Package | Vulnerable range | Fixed in | Dependents |
|---|---|---|---|
| openexr | 3.2.3, 3.2.4, 3.2.5 | 3.2.6 | — |
Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Additional Vendor Advisories
(6)
Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.
- Red HatRHSA-2026:12338IMPORTANT2026-03-03
RHSA-2026:12338 — Important
- Red HatRHSA-2026:12339IMPORTANT2026-03-03
RHSA-2026:12339 — Important
- Red HatRHSA-2026:12340IMPORTANT2026-03-03
RHSA-2026:12340 — Important
- Red HatRHSA-2026:12341IMPORTANT2026-03-03
RHSA-2026:12341 — Important
- Red HatRHSA-2026:8869IMPORTANT2026-03-03
RHSA-2026:8869 — Important
- Red HatRHSA-2026:8870IMPORTANT2026-03-03
RHSA-2026:8870 — Important
Data Freshness Timeline
(refreshed 9× in last 7d / 19× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-09 19:10 UTCEPSS rescore
- 2026-07-08 15:15 UTCEPSS rescore
- 2026-07-07 13:46 UTCEPSS rescore
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-01 15:06 UTCEPSS rescore
- 2026-07-01 15:06 UTCEPSS rescore
- 2026-06-30 23:22 UTCEPSS rescore
- 2026-06-30 23:22 UTCEPSS rescore
- 2026-06-30 04:35 UTCEG score recompute
- 2026-06-30 04:35 UTCVendor advisory
- 2026-06-30 04:31 UTCNVD updatefirst tracked
Related CVEs(same vendor + same CWE)
Same vendor
10 shownredhat
Same CWE
10 shownCWE-190 · CWE-787
- CVE-2009-0947EG 9.8CRITICAL
- CVE-2007-0158EG 9.8CRITICAL
- CVE-2007-0899EG 9.8CRITICAL
- CVE-2005-1141EG 9.8CRITICAL
- CVE-2005-0102EG 9.8CRITICAL
- CVE-2002-0391EG 9.8EPSS 99%CRITICAL
- CVE-2002-0639EG 9.8EPSS 97%CRITICAL
- CVE-2010-20115EG 9.3CRITICAL
- CVE-2010-1297NVD 7.8EG 9.0 KEVEPSS 100%HIGH
- CVE-2009-3953NVD 8.8EG 9.0 KEVEPSS 100%HIGH
Frequently asked(5)
What is CVE-2026-27622?
When was CVE-2026-27622 disclosed?
Is CVE-2026-27622 actively exploited?
What is the CVSS score of CVE-2026-27622?
How do I remediate CVE-2026-27622?
Dependency Blast Radius
See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-27622
Is Your Infrastructure Affected by CVE-2026-27622?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.