An update for OpenEXR is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1685 Final 1.0 1.0 2026-03-20 Initial 2026-03-20 2026-03-20 openEuler SA Tool V1.0 2026-03-20 OpenEXR security update An update for OpenEXR is now available for openEuler-22.03-LTS-SP4 OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light &amp; Magic for use in computer imaging applications. Security Fix(es): OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.(CVE-2026-27622) An update for OpenEXR is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High OpenEXR https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1685 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-27622 https://nvd.nist.gov/vuln/detail/CVE-2026-27622 openEuler-22.03-LTS-SP4 OpenEXR-3.1.5-5.oe2203sp4.aarch64.rpm OpenEXR-debuginfo-3.1.5-5.oe2203sp4.aarch64.rpm OpenEXR-debugsource-3.1.5-5.oe2203sp4.aarch64.rpm OpenEXR-devel-3.1.5-5.oe2203sp4.aarch64.rpm OpenEXR-libs-3.1.5-5.oe2203sp4.aarch64.rpm OpenEXR-3.1.5-5.oe2203sp4.src.rpm OpenEXR-3.1.5-5.oe2203sp4.x86_64.rpm OpenEXR-debuginfo-3.1.5-5.oe2203sp4.x86_64.rpm OpenEXR-debugsource-3.1.5-5.oe2203sp4.x86_64.rpm OpenEXR-devel-3.1.5-5.oe2203sp4.x86_64.rpm OpenEXR-libs-3.1.5-5.oe2203sp4.x86_64.rpm OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6. 2026-03-20 CVE-2026-27622 openEuler-22.03-LTS-SP4 High 8.4 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N OpenEXR security update 2026-03-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1685