CVE-2026-42217 | AcademySoftwareFoundation OpenEXR up to 3.2.8/3.3.10/3.4.10 EXR File readVariableLengthInteger integer overflow (GHSA-3c67-4wwp-w52m / EUVD-2026-28300)

A vulnerability, which was classified as critical, has been found in AcademySoftwareFoundation OpenEXR up to 3.2.8/3.3.10/3.4.10. This affects the function readVariableLengthInteger of the component EXR File Handler. Performing a manipulation results in integer overflow.

This vulnerability was named CVE-2026-42217. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More