CVE-2026-42216 | AcademySoftwareFoundation OpenEXR up to 3.2.8/3.3.10/3.4.10 EXR File IDManifest::init out-of-bounds (GHSA-65j8-95g9-jgj4 / EUVD-2026-28298)

May 7, 2026 Yanac

A vulnerability classified as critical was found in AcademySoftwareFoundation OpenEXR up to 3.2.8/3.3.10/3.4.10. Affected by this issue is the function IDManifest::init of the component EXR File Handler. Such manipulation leads to out-of-bounds read.

This vulnerability is uniquely identified as CVE-2026-42216. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More