Loading
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). This occurs under default settings; simply reading a malicious EXR file is sufficient to trigger the issue, without any user interaction. This issue has been patched in version 3.4.8.
Cite this page
CVE-2026-34543. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-34543
Use CWE-908, Openexr vendor hub and Openexr product page to widen CVE-2026-34543 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-34588, CVE-2026-40250 and CVE-2026-40244 for nearby disclosures in the same product family.