CVE-2026-41142: OpenEXR Integer Overflow Leads to Heap OOB Write

The National Vulnerability Database has detailed CVE-2026-41142, a high-severity integer overflow vulnerability impacting OpenEXR, the industry-standard image storage format for motion pictures. Specifically, versions 3.0.0 to 3.2.8, 3.3.0 to 3.3.10, and 3.4.0 to 3.4.10 are vulnerable. The flaw resides in the ImageChannel::resize function, which can be exploited via the OpenEXRUtil public API, resulting in a heap out-of-bounds write.

This isn’t just a bug; it’s a critical memory corruption vulnerability with a CVSS score of 8.8. An attacker needs no privileges and can trigger it remotely, requiring only user interaction, most likely by way of a specially crafted EXR file. The impact is severe: complete loss of confidentiality, integrity, and availability. For organizations handling high-resolution imagery, especially in media, entertainment, or even medical imaging, this is a direct attack vector into systems processing these files.

Patches are available, and the National Vulnerability Database confirms the issue is resolved in OpenEXR versions 3.2.9, 3.3.11, and 3.4.11. This isn’t a theoretical concern: OpenEXR is a foundational library used across a major industry. Defenders need to assume exploitation is possible and that attackers will weaponize malformed EXR files to gain arbitrary code execution or cause system instability.
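As an added illustration (not OpenEXR's code, which this advisory does not reproduce), a minimal model of the bug class described above: a channel buffer sized from untrusted header dimensions, first with the wrapping arithmetic and then with the checked form a fix would use. The class, function names and the kMaxChannelBytes ceiling are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// Added illustration, not OpenEXR's code: a channel buffer sized from the
// width, height and bytes-per-pixel read out of an untrusted image header.

// Bug class as described in the advisory: the byte count is computed in the
// header's 32-bit width, so a large image wraps to a small (even zero) size.
// The allocation then succeeds and per-pixel writes run off the end of it.
uint32_t uncheckedBytes(uint32_t width, uint32_t height, uint32_t bpp) {
    return width * height * bpp;   // wraps modulo 2^32, no error raised
}

// Hardened form: widen to size_t, check each multiply, and enforce an
// application-level ceiling (kMaxChannelBytes is an assumed policy value).
const size_t kMaxChannelBytes = static_cast<size_t>(1) << 30;   // 1 GiB

bool mulNoOverflow(size_t a, size_t b, size_t& out) {
    if (a != 0 && b > std::numeric_limits<size_t>::max() / a) return false;
    out = a * b;
    return true;
}

bool checkedBytes(uint32_t width, uint32_t height, uint32_t bpp, size_t& out) {
    size_t pixels = 0, bytes = 0;
    if (!mulNoOverflow(width, height, pixels)) return false;
    if (!mulNoOverflow(pixels, bpp, bytes)) return false;
    if (bytes > kMaxChannelBytes) return false;   // reject before allocating
    out = bytes;
    return true;
}

class Channel {
public:
    // Returns false and leaves the buffer untouched on an invalid request,
    // so a rejected header can never leave a too-small buffer behind.
    bool resize(uint32_t width, uint32_t height, uint32_t bpp) {
        size_t bytes = 0;
        if (!checkedBytes(width, height, bpp, bytes)) return false;
        data_.assign(bytes, 0);
        return true;
    }
    size_t size() const { return data_.size(); }
private:
    std::vector<unsigned char> data_;
};
```

A 65536 x 65536 image at 4 bytes per pixel yields a byte count of exactly 2^34, which the unchecked arithmetic reports as 0; the checked form rejects the same request outright.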

What This Means For You

  • If your organization processes OpenEXR files, especially in media production, VFX, or any field utilizing high-dynamic-range imagery, you need to identify all systems running vulnerable OpenEXR versions. Prioritize patching to 3.2.9, 3.3.11, or 3.4.11 immediately. Audit any third-party tools or libraries that depend on OpenEXR for their own patching status. This is a direct attack path to your critical workstations and servers.

🛡️ Detection Rules

title: CVE-2026-41142: OpenEXR Heap OOB Write via ImageChannel::resize
id: scw-2026-05-07-ai-1
status: experimental
level: high
description: |
  Detects the execution of OpenEXR utility functions, specifically targeting the 'resize' operation within ImageChannel, which is vulnerable to an integer overflow leading to a heap Out-of-Bounds write. This rule aims to catch the direct exploitation of CVE-2026-41142.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-41142/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: process_creation
detection:
  selection:
    Image|contains:
      - 'openexr_util'
    CommandLine|contains:
      - 'resize'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Indicators of Compromise

ID              Type               Indicator
CVE-2026-41142  Buffer Overflow    OpenEXR versions 3.0.0 to before 3.2.9
CVE-2026-41142  Buffer Overflow    OpenEXR versions 3.3.0 to before 3.3.11
CVE-2026-41142  Buffer Overflow    OpenEXR versions 3.4.0 to before 3.4.11
CVE-2026-41142  Memory Corruption  Integer overflow in ImageChannel::resize leading to heap OOB write via OpenEXRUtil public API

Source & Attribution
Source Platform: NVD
Channel: National Vulnerability Database
Published: May 07, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
