{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "CVE-2026-34588: fix a signed 32-bit integer overflow in the PIZ decoder's wavelet buffer arithmetic that leads to out-of-bounds reads and writes",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776950014",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776950014"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1776950014.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-04-23T13:14:10Z",
      "generator": {
        "date": "2026-04-23T13:14:10Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1776950014",
      "initial_release_date": "2026-04-23T13:14:10Z",
      "revision_history": [
        {
          "date": "2026-04-23T13:14:10Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "openexr: Fix of CVE-2026-34588"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                "product": {
                  "name": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                  "product_id": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openexr-libs@3.1.1-3.el9.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                "product": {
                  "name": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                  "product_id": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openexr-devel@3.1.1-3.el9.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                "product": {
                  "name": "openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                  "product_id": "openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openexr@3.1.1-3.el9.tuxcare.els4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686",
                "product": {
                  "name": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686",
                  "product_id": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openexr-libs@3.1.1-3.el9.tuxcare.els4?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686",
                "product": {
                  "name": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686",
                  "product_id": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/openexr-devel@3.1.1-3.el9.tuxcare.els4?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64"
        },
        "product_reference": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686"
        },
        "product_reference": "openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64"
        },
        "product_reference": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686"
        },
        "product_reference": "openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64"
        },
        "product_reference": "openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-34588",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions from 3.1.0 up to, but not including, 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make the product of these values overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64",
          "AlmaLinux-9.2:openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686",
          "AlmaLinux-9.2:openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64",
          "AlmaLinux-9.2:openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686",
          "AlmaLinux-9.2:openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-34588"
        },
        {
          "category": "external",
          "summary": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7",
          "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"
        },
        {
          "category": "external",
          "summary": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9",
          "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"
        },
        {
          "category": "external",
          "summary": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9",
          "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"
        },
        {
          "category": "external",
          "summary": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf",
          "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf"
        }
      ],
      "release_date": "2026-04-06T16:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-23T13:13:36.898284Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776950014",
          "product_ids": [
            "AlmaLinux-9.2:openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686",
            "AlmaLinux-9.2:openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686",
            "AlmaLinux-9.2:openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776950014"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:openexr-0:3.1.1-3.el9.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:openexr-devel-0:3.1.1-3.el9.tuxcare.els4.i686",
            "AlmaLinux-9.2:openexr-devel-0:3.1.1-3.el9.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:openexr-libs-0:3.1.1-3.el9.tuxcare.els4.i686",
            "AlmaLinux-9.2:openexr-libs-0:3.1.1-3.el9.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}