Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-27622 (GCVE-0-2026-27622)
Vulnerability from cvelistv5 – Published: 2026-03-03 22:42 – Updated: 2026-03-11 03:56
VLAI?
EPSS
Title
OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcademySoftwareFoundation | openexr |
Affected:
>= 2.3.0, < 3.2.6
Affected: >= 3.3.0, < 3.3.8 Affected: >= 3.4.0, < 3.4.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:56:39.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "AcademySoftwareFoundation",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 3.2.6"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.8"
},
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector\u003cunsigned int\u003e total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T22:42:49.086Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963"
}
],
"source": {
"advisory": "GHSA-cr4v-6jm6-4963",
"discovery": "UNKNOWN"
},
"title": "OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27622",
"datePublished": "2026-03-03T22:42:49.086Z",
"dateReserved": "2026-02-20T22:02:30.027Z",
"dateUpdated": "2026-03-11T03:56:39.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-27622",
"date": "2026-04-14",
"epss": "0.0002",
"percentile": "0.05197"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27622\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-03T23:15:55.737\",\"lastModified\":\"2026-03-05T21:07:05.753\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector\u003cunsigned int\u003e total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.6\",\"matchCriteriaId\":\"637078D8-68DE-478F-B304-A08E80A7609C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.8\",\"matchCriteriaId\":\"529003A0-284B-4A1F-B4FF-CABB9A7534B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.6\",\"matchCriteriaId\":\"44066539-F7B6-415A-AE11-0F80BB8741D7\"}]}]}],\"references\":[{\"url\":\"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27622\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-04T16:06:34.211154Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-04T16:08:09.596Z\"}}], \"cna\": {\"title\": \"OpenEXR CompositeDeepScanLine integer-overflow leads to heap OOB write\", \"source\": {\"advisory\": \"GHSA-cr4v-6jm6-4963\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"AcademySoftwareFoundation\", \"product\": \"openexr\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.3.0, \u003c 3.2.6\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.3.0, \u003c 3.3.8\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.4.0, \u003c 3.4.6\"}]}], \"references\": [{\"url\": \"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963\", \"name\": \"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector\u003cunsigned int\u003e total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-03T22:42:49.086Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27622\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-11T03:56:39.168Z\", \"dateReserved\": \"2026-02-20T22:02:30.027Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-03T22:42:49.086Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:7678
Vulnerability from csaf_redhat - Published: 2026-04-13 02:25 - Updated: 2026-04-13 08:42Summary
Red Hat Security Advisory: openexr security update
Severity
Important
Notes
Topic: An update for openexr is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.
Security Fix(es):
* openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the `CompositeDeepScanLine::readPixels` function. This overflow leads to an undersized buffer allocation, which can then be overrun during write operations. Successful exploitation could result in arbitrary code execution or a denial of service (DoS).
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7678
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openexr is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.\n\nSecurity Fix(es):\n\n* openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7678",
"url": "https://access.redhat.com/errata/RHSA-2026:7678"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2444251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444251"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7678.json"
}
],
"title": "Red Hat Security Advisory: openexr security update",
"tracking": {
"current_release_date": "2026-04-13T08:42:34+00:00",
"generator": {
"date": "2026-04-13T08:42:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:7678",
"initial_release_date": "2026-04-13T02:25:56+00:00",
"revision_history": [
{
"date": "2026-04-13T02:25:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:25:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-13T08:42:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_0.1.src",
"product": {
"name": "openexr-0:3.1.10-8.el10_0.1.src",
"product_id": "openexr-0:3.1.10-8.el10_0.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_0.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_0.1.aarch64",
"product": {
"name": "openexr-0:3.1.10-8.el10_0.1.aarch64",
"product_id": "openexr-0:3.1.10-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"product": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"product_id": "openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs@3.1.10-8.el10_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"product": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"product_id": "openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debugsource@3.1.10-8.el10_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"product": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"product_id": "openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debuginfo@3.1.10-8.el10_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"product": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"product_id": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs-debuginfo@3.1.10-8.el10_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"product": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"product_id": "openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-devel@3.1.10-8.el10_0.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_0.1.ppc64le",
"product": {
"name": "openexr-0:3.1.10-8.el10_0.1.ppc64le",
"product_id": "openexr-0:3.1.10-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"product": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"product_id": "openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs@3.1.10-8.el10_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"product": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"product_id": "openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debugsource@3.1.10-8.el10_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"product": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"product_id": "openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debuginfo@3.1.10-8.el10_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"product": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"product_id": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs-debuginfo@3.1.10-8.el10_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"product": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"product_id": "openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-devel@3.1.10-8.el10_0.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_0.1.s390x",
"product": {
"name": "openexr-0:3.1.10-8.el10_0.1.s390x",
"product_id": "openexr-0:3.1.10-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"product": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"product_id": "openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs@3.1.10-8.el10_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"product": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"product_id": "openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debugsource@3.1.10-8.el10_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"product": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"product_id": "openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debuginfo@3.1.10-8.el10_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"product": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"product_id": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs-debuginfo@3.1.10-8.el10_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"product": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"product_id": "openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-devel@3.1.10-8.el10_0.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_0.1.x86_64",
"product": {
"name": "openexr-0:3.1.10-8.el10_0.1.x86_64",
"product_id": "openexr-0:3.1.10-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"product": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"product_id": "openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs@3.1.10-8.el10_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"product": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"product_id": "openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debugsource@3.1.10-8.el10_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"product": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"product_id": "openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debuginfo@3.1.10-8.el10_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"product": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"product_id": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs-debuginfo@3.1.10-8.el10_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"product": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"product_id": "openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-devel@3.1.10-8.el10_0.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.src",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27622",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-03-03T23:02:15.379586+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444251"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the `CompositeDeepScanLine::readPixels` function. This overflow leads to an undersized buffer allocation, which can then be overrun during write operations. Successful exploitation could result in arbitrary code execution or a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64"
],
"known_not_affected": [
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27622"
},
{
"category": "external",
"summary": "RHBZ#2444251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27622",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27622"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27622"
},
{
"category": "external",
"summary": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963",
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963"
}
],
"release_date": "2026-03-03T22:42:49.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:25:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7678"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.src",
"CRB-10.0.Z.E2S:openexr-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-debuginfo-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-debugsource-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-devel-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-libs-0:3.1.10-8.el10_0.1.x86_64",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.aarch64",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.ppc64le",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.s390x",
"CRB-10.0.Z.E2S:openexr-libs-debuginfo-0:3.1.10-8.el10_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing"
}
]
}
RHSA-2026:7682
Vulnerability from csaf_redhat - Published: 2026-04-13 02:30 - Updated: 2026-04-13 08:42Summary
Red Hat Security Advisory: openexr security update
Severity
Important
Notes
Topic: An update for openexr is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.
Security Fix(es):
* openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the `CompositeDeepScanLine::readPixels` function. This overflow leads to an undersized buffer allocation, which can then be overrun during write operations. Successful exploitation could result in arbitrary code execution or a denial of service (DoS).
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7682
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openexr is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.\n\nSecurity Fix(es):\n\n* openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7682",
"url": "https://access.redhat.com/errata/RHSA-2026:7682"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2444251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444251"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7682.json"
}
],
"title": "Red Hat Security Advisory: openexr security update",
"tracking": {
"current_release_date": "2026-04-13T08:42:34+00:00",
"generator": {
"date": "2026-04-13T08:42:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:7682",
"initial_release_date": "2026-04-13T02:30:41+00:00",
"revision_history": [
{
"date": "2026-04-13T02:30:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:30:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-13T08:42:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_1.1.src",
"product": {
"name": "openexr-0:3.1.10-8.el10_1.1.src",
"product_id": "openexr-0:3.1.10-8.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_1.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_1.1.aarch64",
"product": {
"name": "openexr-0:3.1.10-8.el10_1.1.aarch64",
"product_id": "openexr-0:3.1.10-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"product": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"product_id": "openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs@3.1.10-8.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"product": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"product_id": "openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debugsource@3.1.10-8.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"product": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"product_id": "openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debuginfo@3.1.10-8.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"product": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"product_id": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs-debuginfo@3.1.10-8.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"product": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"product_id": "openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-devel@3.1.10-8.el10_1.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_1.1.ppc64le",
"product": {
"name": "openexr-0:3.1.10-8.el10_1.1.ppc64le",
"product_id": "openexr-0:3.1.10-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"product": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"product_id": "openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs@3.1.10-8.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"product": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"product_id": "openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debugsource@3.1.10-8.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"product": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"product_id": "openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debuginfo@3.1.10-8.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"product": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"product_id": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs-debuginfo@3.1.10-8.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"product": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"product_id": "openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-devel@3.1.10-8.el10_1.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_1.1.x86_64",
"product": {
"name": "openexr-0:3.1.10-8.el10_1.1.x86_64",
"product_id": "openexr-0:3.1.10-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"product": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"product_id": "openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs@3.1.10-8.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"product": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"product_id": "openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debugsource@3.1.10-8.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"product": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"product_id": "openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debuginfo@3.1.10-8.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"product": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"product_id": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs-debuginfo@3.1.10-8.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"product": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"product_id": "openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-devel@3.1.10-8.el10_1.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-0:3.1.10-8.el10_1.1.s390x",
"product": {
"name": "openexr-0:3.1.10-8.el10_1.1.s390x",
"product_id": "openexr-0:3.1.10-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr@3.1.10-8.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"product": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"product_id": "openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs@3.1.10-8.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"product": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"product_id": "openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debugsource@3.1.10-8.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"product": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"product_id": "openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-debuginfo@3.1.10-8.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"product": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"product_id": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-libs-debuginfo@3.1.10-8.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"product": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"product_id": "openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openexr-devel@3.1.10-8.el10_1.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.src",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64"
},
"product_reference": "openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27622",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-03-03T23:02:15.379586+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444251"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the `CompositeDeepScanLine::readPixels` function. This overflow leads to an undersized buffer allocation, which can then be overrun during write operations. Successful exploitation could result in arbitrary code execution or a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27622"
},
{
"category": "external",
"summary": "RHBZ#2444251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27622",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27622"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27622"
},
{
"category": "external",
"summary": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963",
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963"
}
],
"release_date": "2026-03-03T22:42:49.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:30:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7682"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src",
"AppStream-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"AppStream-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.src",
"CRB-10.1.Z:openexr-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-debuginfo-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-debugsource-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-devel-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-libs-0:3.1.10-8.el10_1.1.x86_64",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.aarch64",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.ppc64le",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.s390x",
"CRB-10.1.Z:openexr-libs-debuginfo-0:3.1.10-8.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing"
}
]
}
FKIE_CVE-2026-27622
Vulnerability from fkie_nvd - Published: 2026-03-03 23:15 - Updated: 2026-03-05 21:07
Severity ?
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963 | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "637078D8-68DE-478F-B304-A08E80A7609C",
"versionEndExcluding": "3.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "529003A0-284B-4A1F-B4FF-CABB9A7534B5",
"versionEndExcluding": "3.3.8",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44066539-F7B6-415A-AE11-0F80BB8741D7",
"versionEndExcluding": "3.4.6",
"versionStartIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector\u003cunsigned int\u003e total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6."
},
{
"lang": "es",
"value": "OpenEXR proporciona la especificaci\u00f3n y la implementaci\u00f3n de referencia del formato de archivo EXR, un formato de almacenamiento de im\u00e1genes para la industria cinematogr\u00e1fica. En CompositeDeepScanLine::readPixels, los totales por p\u00edxel se acumulan en vector total_sizes para grandes recuentos controlados por el atacante en muchas partes, total_sizes[ptr] se ajusta m\u00f3dulo 2^32. overall_sample_count se deriva entonces de los totales ajustados y se utiliza en samples[channel].resize(overall_sample_count). La configuraci\u00f3n/consumo del puntero de decodificaci\u00f3n procede con recuentos de muestras verdaderos, y las operaciones de escritura en el desempaquetado central (generic_unpack_deep_pointers) desbordan el b\u00fafer de muestras compuesto de tama\u00f1o insuficiente. Esta vulnerabilidad se corrige en las versiones v3.2.6, v3.3.8 y v3.4.6."
}
],
"id": "CVE-2026-27622",
"lastModified": "2026-03-05T21:07:05.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-03T23:15:55.737",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
OPENSUSE-SU-2026:10303-1
Vulnerability from csaf_opensuse - Published: 2026-03-07 00:00 - Updated: 2026-03-07 00:00Summary
libIex-3_4-33-3.4.6-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: libIex-3_4-33-3.4.6-1.1 on GA media
Description of the patch: These are all security issues fixed in the libIex-3_4-33-3.4.6-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10303
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libIex-3_4-33-3.4.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libIex-3_4-33-3.4.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10303",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10303-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27622 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27622/"
}
],
"title": "libIex-3_4-33-3.4.6-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-07T00:00:00Z",
"generator": {
"date": "2026-03-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10303-1",
"initial_release_date": "2026-03-07T00:00:00Z",
"revision_history": [
{
"date": "2026-03-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_4-33-3.4.6-1.1.aarch64",
"product": {
"name": "libIex-3_4-33-3.4.6-1.1.aarch64",
"product_id": "libIex-3_4-33-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libIex-3_4-33-32bit-3.4.6-1.1.aarch64",
"product": {
"name": "libIex-3_4-33-32bit-3.4.6-1.1.aarch64",
"product_id": "libIex-3_4-33-32bit-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product": {
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product_id": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-3.4.6-1.1.aarch64",
"product": {
"name": "libIlmThread-3_4-33-3.4.6-1.1.aarch64",
"product_id": "libIlmThread-3_4-33-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64",
"product": {
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64",
"product_id": "libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product": {
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product_id": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXR-3_4-33-3.4.6-1.1.aarch64",
"product_id": "libOpenEXR-3_4-33-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64",
"product_id": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product_id": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64",
"product_id": "libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64",
"product_id": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product_id": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64",
"product_id": "libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64",
"product_id": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product": {
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"product_id": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openexr-3.4.6-1.1.aarch64",
"product": {
"name": "openexr-3.4.6-1.1.aarch64",
"product_id": "openexr-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openexr-devel-3.4.6-1.1.aarch64",
"product": {
"name": "openexr-devel-3.4.6-1.1.aarch64",
"product_id": "openexr-devel-3.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openexr-doc-3.4.6-1.1.aarch64",
"product": {
"name": "openexr-doc-3.4.6-1.1.aarch64",
"product_id": "openexr-doc-3.4.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_4-33-3.4.6-1.1.ppc64le",
"product": {
"name": "libIex-3_4-33-3.4.6-1.1.ppc64le",
"product_id": "libIex-3_4-33-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libIex-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product": {
"name": "libIex-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product_id": "libIex-3_4-33-32bit-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product": {
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product_id": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-3.4.6-1.1.ppc64le",
"product": {
"name": "libIlmThread-3_4-33-3.4.6-1.1.ppc64le",
"product_id": "libIlmThread-3_4-33-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product": {
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product_id": "libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product": {
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product_id": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXR-3_4-33-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXR-3_4-33-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product": {
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"product_id": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openexr-3.4.6-1.1.ppc64le",
"product": {
"name": "openexr-3.4.6-1.1.ppc64le",
"product_id": "openexr-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openexr-devel-3.4.6-1.1.ppc64le",
"product": {
"name": "openexr-devel-3.4.6-1.1.ppc64le",
"product_id": "openexr-devel-3.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openexr-doc-3.4.6-1.1.ppc64le",
"product": {
"name": "openexr-doc-3.4.6-1.1.ppc64le",
"product_id": "openexr-doc-3.4.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_4-33-3.4.6-1.1.s390x",
"product": {
"name": "libIex-3_4-33-3.4.6-1.1.s390x",
"product_id": "libIex-3_4-33-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libIex-3_4-33-32bit-3.4.6-1.1.s390x",
"product": {
"name": "libIex-3_4-33-32bit-3.4.6-1.1.s390x",
"product_id": "libIex-3_4-33-32bit-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product": {
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product_id": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-3.4.6-1.1.s390x",
"product": {
"name": "libIlmThread-3_4-33-3.4.6-1.1.s390x",
"product_id": "libIlmThread-3_4-33-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x",
"product": {
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x",
"product_id": "libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product": {
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product_id": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXR-3_4-33-3.4.6-1.1.s390x",
"product_id": "libOpenEXR-3_4-33-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x",
"product_id": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product_id": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.s390x",
"product_id": "libOpenEXRCore-3_4-33-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x",
"product_id": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product_id": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x",
"product_id": "libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x",
"product_id": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product": {
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"product_id": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openexr-3.4.6-1.1.s390x",
"product": {
"name": "openexr-3.4.6-1.1.s390x",
"product_id": "openexr-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openexr-devel-3.4.6-1.1.s390x",
"product": {
"name": "openexr-devel-3.4.6-1.1.s390x",
"product_id": "openexr-devel-3.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openexr-doc-3.4.6-1.1.s390x",
"product": {
"name": "openexr-doc-3.4.6-1.1.s390x",
"product_id": "openexr-doc-3.4.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_4-33-3.4.6-1.1.x86_64",
"product": {
"name": "libIex-3_4-33-3.4.6-1.1.x86_64",
"product_id": "libIex-3_4-33-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIex-3_4-33-32bit-3.4.6-1.1.x86_64",
"product": {
"name": "libIex-3_4-33-32bit-3.4.6-1.1.x86_64",
"product_id": "libIex-3_4-33-32bit-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product": {
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product_id": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-3.4.6-1.1.x86_64",
"product": {
"name": "libIlmThread-3_4-33-3.4.6-1.1.x86_64",
"product_id": "libIlmThread-3_4-33-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64",
"product": {
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64",
"product_id": "libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product": {
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product_id": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXR-3_4-33-3.4.6-1.1.x86_64",
"product_id": "libOpenEXR-3_4-33-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64",
"product_id": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product_id": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64",
"product_id": "libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64",
"product_id": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product_id": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64",
"product_id": "libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64",
"product_id": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product": {
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"product_id": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openexr-3.4.6-1.1.x86_64",
"product": {
"name": "openexr-3.4.6-1.1.x86_64",
"product_id": "openexr-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openexr-devel-3.4.6-1.1.x86_64",
"product": {
"name": "openexr-devel-3.4.6-1.1.x86_64",
"product_id": "openexr-devel-3.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openexr-doc-3.4.6-1.1.x86_64",
"product": {
"name": "openexr-doc-3.4.6-1.1.x86_64",
"product_id": "openexr-doc-3.4.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.aarch64"
},
"product_reference": "libIex-3_4-33-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.ppc64le"
},
"product_reference": "libIex-3_4-33-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.s390x"
},
"product_reference": "libIex-3_4-33-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.x86_64"
},
"product_reference": "libIex-3_4-33-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-32bit-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.aarch64"
},
"product_reference": "libIex-3_4-33-32bit-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-32bit-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.ppc64le"
},
"product_reference": "libIex-3_4-33-32bit-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-32bit-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.s390x"
},
"product_reference": "libIex-3_4-33-32bit-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-32bit-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.x86_64"
},
"product_reference": "libIex-3_4-33-32bit-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
},
"product_reference": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
},
"product_reference": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
},
"product_reference": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
},
"product_reference": "libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.aarch64"
},
"product_reference": "libIlmThread-3_4-33-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.ppc64le"
},
"product_reference": "libIlmThread-3_4-33-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.s390x"
},
"product_reference": "libIlmThread-3_4-33-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.x86_64"
},
"product_reference": "libIlmThread-3_4-33-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64"
},
"product_reference": "libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le"
},
"product_reference": "libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x"
},
"product_reference": "libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64"
},
"product_reference": "libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
},
"product_reference": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
},
"product_reference": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
},
"product_reference": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
},
"product_reference": "libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXR-3_4-33-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXR-3_4-33-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXR-3_4-33-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXR-3_4-33-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXRCore-3_4-33-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64"
},
"product_reference": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le"
},
"product_reference": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x"
},
"product_reference": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-3.4.6-1.1.aarch64"
},
"product_reference": "openexr-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-3.4.6-1.1.ppc64le"
},
"product_reference": "openexr-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-3.4.6-1.1.s390x"
},
"product_reference": "openexr-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-3.4.6-1.1.x86_64"
},
"product_reference": "openexr-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.aarch64"
},
"product_reference": "openexr-devel-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.ppc64le"
},
"product_reference": "openexr-devel-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.s390x"
},
"product_reference": "openexr-devel-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.x86_64"
},
"product_reference": "openexr-devel-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-doc-3.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.aarch64"
},
"product_reference": "openexr-doc-3.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-doc-3.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.ppc64le"
},
"product_reference": "openexr-doc-3.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-doc-3.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.s390x"
},
"product_reference": "openexr-doc-3.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-doc-3.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.x86_64"
},
"product_reference": "openexr-doc-3.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27622"
}
],
"notes": [
{
"category": "general",
"text": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector\u003cunsigned int\u003e total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27622",
"url": "https://www.suse.com/security/cve/CVE-2026-27622"
},
{
"category": "external",
"summary": "SUSE Bug 1259177 for CVE-2026-27622",
"url": "https://bugzilla.suse.com/1259177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIex-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libIlmThread-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXR-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRCore-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-32bit-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:libOpenEXRUtil-3_4-33-x86-64-v3-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-devel-3.4.6-1.1.x86_64",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.aarch64",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.s390x",
"openSUSE Tumbleweed:openexr-doc-3.4.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27622"
}
]
}
OPENSUSE-SU-2026:20433-1
Vulnerability from csaf_opensuse - Published: 2026-03-26 10:03 - Updated: 2026-03-26 10:03Summary
Security update for openexr
Severity
Important
Notes
Title of the patch: Security update for openexr
Description of the patch: This update for openexr fixes the following issue:
- CVE-2026-27622: crafted multipart deep EXR can cause an heap out-of-bound write (bsc#1259177).
Patchnames: openSUSE-Leap-16.0-450
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openexr",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openexr fixes the following issue:\n\n- CVE-2026-27622: crafted multipart deep EXR can cause an heap out-of-bound write (bsc#1259177).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-450",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20433-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1259177",
"url": "https://bugzilla.suse.com/1259177"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27622 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27622/"
}
],
"title": "Security update for openexr",
"tracking": {
"current_release_date": "2026-03-26T10:03:06Z",
"generator": {
"date": "2026-03-26T10:03:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20433-1",
"initial_release_date": "2026-03-26T10:03:06Z",
"revision_history": [
{
"date": "2026-03-26T10:03:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libIex-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "openexr-3.2.2-160000.5.1.aarch64",
"product": {
"name": "openexr-3.2.2-160000.5.1.aarch64",
"product_id": "openexr-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "openexr-devel-3.2.2-160000.5.1.aarch64",
"product": {
"name": "openexr-devel-3.2.2-160000.5.1.aarch64",
"product_id": "openexr-devel-3.2.2-160000.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-doc-3.2.2-160000.5.1.noarch",
"product": {
"name": "openexr-doc-3.2.2-160000.5.1.noarch",
"product_id": "openexr-doc-3.2.2-160000.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openexr-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "openexr-3.2.2-160000.5.1.ppc64le",
"product_id": "openexr-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openexr-devel-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "openexr-devel-3.2.2-160000.5.1.ppc64le",
"product_id": "openexr-devel-3.2.2-160000.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libIex-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "openexr-3.2.2-160000.5.1.s390x",
"product": {
"name": "openexr-3.2.2-160000.5.1.s390x",
"product_id": "openexr-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "openexr-devel-3.2.2-160000.5.1.s390x",
"product": {
"name": "openexr-devel-3.2.2-160000.5.1.s390x",
"product_id": "openexr-devel-3.2.2-160000.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libIex-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "openexr-3.2.2-160000.5.1.x86_64",
"product": {
"name": "openexr-3.2.2-160000.5.1.x86_64",
"product_id": "openexr-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "openexr-devel-3.2.2-160000.5.1.x86_64",
"product": {
"name": "openexr-devel-3.2.2-160000.5.1.x86_64",
"product_id": "openexr-devel-3.2.2-160000.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.aarch64"
},
"product_reference": "openexr-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "openexr-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.s390x"
},
"product_reference": "openexr-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.x86_64"
},
"product_reference": "openexr-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-3.2.2-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.aarch64"
},
"product_reference": "openexr-devel-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-3.2.2-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "openexr-devel-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-3.2.2-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.s390x"
},
"product_reference": "openexr-devel-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-devel-3.2.2-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.x86_64"
},
"product_reference": "openexr-devel-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-doc-3.2.2-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
},
"product_reference": "openexr-doc-3.2.2-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27622"
}
],
"notes": [
{
"category": "general",
"text": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector\u003cunsigned int\u003e total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27622",
"url": "https://www.suse.com/security/cve/CVE-2026-27622"
},
{
"category": "external",
"summary": "SUSE Bug 1259177 for CVE-2026-27622",
"url": "https://bugzilla.suse.com/1259177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:openexr-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.aarch64",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.ppc64le",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.s390x",
"openSUSE Leap 16.0:openexr-devel-3.2.2-160000.5.1.x86_64",
"openSUSE Leap 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:03:06Z",
"details": "important"
}
],
"title": "CVE-2026-27622"
}
]
}
GHSA-CR4V-6JM6-4963
Vulnerability from github – Published: 2026-03-02 18:30 – Updated: 2026-03-04 02:00
VLAI?
Summary
OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write
Details
Summary
Function: CompositeDeepScanLine::readPixels, reachable from high-level multipart deep read flows (MultiPartInputFile + DeepScanLineInputPart + CompositeDeepScanLine).
Vulnerable lines (src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp):
- total_sizes[ptr] += counts[j][ptr]; (line ~511)
- overall_sample_count += total_sizes[ptr]; (line ~514)
- samples[channel].resize (overall_sample_count); (line ~535)
Impact: 32-bit sample-count accumulation wrap leads to undersized allocation, then decode writes with true sample volume, causing heap OOB write in generic_unpack_deep_pointers (src/lib/OpenEXRCore/unpack.c:1374) (DoS/Crash, memory corruption/RCE).
Attack scenario:
- Attacker provides multipart deep EXR with many parts and very large sample counts per pixel.
- Uses compression (RLE/ZIPS) to keep file size relatively small vs decode pressure.
- The overflow happens in composite sample accounting (unsigned int), while pointer progression for decode uses larger counters and reaches out-of-bounds.
Tested on: OpenEXR 4.0.0-dev (commit 83449669402080874b25ff1fa740649a9e6ea064) but this code has existed since v2.3.0
Steps to reproduce
composite_deepscanline_poc_bundle.patch
PoC files used:
- Writer/generator: poc/composite_deep_scanline_e2e_compressed_poc.cpp
- Minimal high-level reader harness: poc/simple_exr_reader.cpp
The reader harness intentionally mimics realistic app behavior: open EXR, iterate parts, select DEEPSCANLINE, add sources to CompositeDeepScanLine, bind a normal FrameBuffer, then call readPixels.
Build with ASAN/UBSAN:
cmake -S . -B build-asan \
-DOPENEXR_BUILD_POC=ON \
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DCMAKE_C_FLAGS='-fsanitize=address,undefined -fno-omit-frame-pointer' \
-DCMAKE_CXX_FLAGS='-fsanitize=address,undefined -fno-omit-frame-pointer' \
-DCMAKE_EXE_LINKER_FLAGS='-fsanitize=address,undefined' \
-DCMAKE_SHARED_LINKER_FLAGS='-fsanitize=address,undefined'
cmake --build build-asan --target composite_writer simple_exr_reader -j
Generate malicious file (decode-path focused profile):
ASAN_OPTIONS=detect_leaks=0 timeout 180s \
./build-asan/poc/composite_writer \
--profile low-ram \
--file /tmp/composite_decode_focus.exr
Trigger:
ASAN_OPTIONS=detect_leaks=0 timeout 30s \
./build-asan/poc/simple_exr_reader /tmp/composite_decode_focus.exr
ASAN builds are slower. If needed, a non-sanitized build + debugger is faster for iteration.
Example runs
Writer (abbrev):
❯ ./build-asan/poc/composite_writer
exploit math:
benign samples : 300
malicious parts : 86
malicious samples per part : 50000000
true total samples : 4300000300
uint32 overflow reached : yes
wrapped uint32 total : 5033004
composite Z/A alloc from wrap : 40264032 bytes (38.40 MiB)
per-part unpacked sample bytes : 300000000 bytes (286.10 MiB)
min parts to overflow (current benign/samples): 86
writing compressed multipart deep EXR: /tmp/composite_deep_scanline_e2e_compressed.exr
writing donor malicious part (50000000 samples)
copying malicious part 1/86 from donor chunk
...
file size: 26112896 bytes (24.90 MiB)
Reader ASAN crash:
❯ ./build-asan/poc/simple_exr_reader
reading /tmp/composite_overflow_optimized.exr with 16 deepscanline parts
=================================================================
==175024==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7ed1a55d90b0 at pc 0x7ed1da7854f7 bp 0x7ffe8c83a680 sp 0x7ffe8c83a670
WRITE of size 4 at 0x7ed1a55d90b0 thread T0
#0 0x7ed1da7854f6 in generic_unpack_deep_pointers /home/pop/sec/openexr/src/lib/OpenEXRCore/unpack.c:1374
#1 0x7ed1da7623e9 in exr_decoding_run /home/pop/sec/openexr/src/lib/OpenEXRCore/decoding.c:664
#2 0x7ed1dbcb153b in run_decode /home/pop/sec/openexr/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp:816
#3 0x7ed1dbcc597f in Imf_4_0::DeepScanLineInputFile::Data::readData(Imf_4_0::DeepFrameBuffer const&, int, int, bool) /home/pop/sec/openexr/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp:568
#4 0x7ed1dbc01ca4 in Imf_4_0::CompositeDeepScanLine::readPixels(int, int) /home/pop/sec/openexr/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp:576
#5 0x64669005f233 in main /home/pop/sec/openexr/poc/simple_exr_reader.cpp:88
#6 0x7ed1d942a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x7ed1d942a28a in __libc_start_main_impl ../csu/libc-start.c:360
#8 0x6466900601e4 in _start (/home/pop/sec/openexr/build-asan/poc/simple_exr_reader+0x1b1e4) (BuildId: 86b018d0dce48def6ca06be031266f0205c914d2)
0x7ed1a55d90b0 is located 0 bytes after 820132016-byte region [0x7ed1747b5800,0x7ed1a55d90b0)
allocated by thread T0 here:
#0 0x7ed1dd0fe548 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
#1 0x7ed1dbc29600 in std::__new_allocator<float>::allocate(unsigned long, void const*) /usr/include/c++/13/bits/new_allocator.h:151
#2 0x7ed1dbc29600 in std::allocator_traits<std::allocator<float> >::allocate(std::allocator<float>&, unsigned long) /usr/include/c++/13/bits/alloc_traits.h:482
#3 0x7ed1dbc29600 in std::_Vector_base<float, std::allocator<float> >::_M_allocate(unsigned long) /usr/include/c++/13/bits/stl_vector.h:381
#4 0x7ed1dbc29600 in std::_Vector_base<float, std::allocator<float> >::_M_allocate(unsigned long) /usr/include/c++/13/bits/stl_vector.h:378
#5 0x7ed1dbc29600 in std::vector<float, std::allocator<float> >::_M_default_append(unsigned long) /usr/include/c++/13/bits/vector.tcc:663
#6 0x7ed1dbc00184 in std::vector<float, std::allocator<float> >::resize(unsigned long) /usr/include/c++/13/bits/stl_vector.h:1016
#7 0x7ed1dbc00184 in Imf_4_0::CompositeDeepScanLine::readPixels(int, int) /home/pop/sec/openexr/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp:535
#8 0x64669005f233 in main /home/pop/sec/openexr/poc/simple_exr_reader.cpp:88
#9 0x7ed1d942a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#10 0x7ed1d942a28a in __libc_start_main_impl ../csu/libc-start.c:360
#11 0x6466900601e4 in _start (/home/pop/sec/openexr/build-asan/poc/simple_exr_reader+0x1b1e4) (BuildId: 86b018d0dce48def6ca06be031266f0205c914d2)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/pop/sec/openexr/src/lib/OpenEXRCore/unpack.c:1374 in generic_unpack_deep_pointers
Shadow bytes around the buggy address:
0x7ed1a55d8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ed1a55d8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ed1a55d8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ed1a55d8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ed1a55d9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x7ed1a55d9080: 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa
0x7ed1a55d9100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7ed1a55d9180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7ed1a55d9200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7ed1a55d9280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x7ed1a55d9300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==175024==ABORTING
Root cause analysis
In CompositeDeepScanLine::readPixels:
- Per-pixel totals are accumulated in
vector<unsigned int> total_sizes. - For attacker-controlled large counts across many parts,
total_sizes[ptr]wraps modulo2^32. overall_sample_countis then derived from wrapped totals and used insamples[channel].resize(overall_sample_count).- Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (
generic_unpack_deep_pointers) overrun the undersized composite sample buffer.
Allocation is based on a tiny wrapped value, but decode writes correspond to the true large sample volume.
Impact
Heap OOB write during decode. This is at minimum a reliable crash/DoS. As heap corruption, this bug could be used for potential remote code execution.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "OpenEXR"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "3.2.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "OpenEXR"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "OpenEXR"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"fixed": "3.4.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27622"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-02T18:30:20Z",
"nvd_published_at": "2026-03-03T23:15:55Z",
"severity": "HIGH"
},
"details": "## Summary\n\nFunction: `CompositeDeepScanLine::readPixels`, reachable from high-level multipart deep read flows (`MultiPartInputFile` + `DeepScanLineInputPart` + `CompositeDeepScanLine`).\n\nVulnerable lines (`src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp`):\n- `total_sizes[ptr] += counts[j][ptr];` (line ~511)\n- `overall_sample_count += total_sizes[ptr];` (line ~514)\n- `samples[channel].resize (overall_sample_count);` (line ~535)\n\nImpact: 32-bit sample-count accumulation wrap leads to undersized allocation, then decode writes with true sample volume, causing heap OOB write in `generic_unpack_deep_pointers` (`src/lib/OpenEXRCore/unpack.c:1374`) (DoS/Crash, memory corruption/RCE).\n\nAttack scenario:\n- Attacker provides multipart deep EXR with many parts and very large sample counts per pixel.\n- Uses compression (RLE/ZIPS) to keep file size relatively small vs decode pressure.\n- The overflow happens in composite sample accounting (`unsigned int`), while pointer progression for decode uses larger counters and reaches out-of-bounds.\n\nTested on: `OpenEXR 4.0.0-dev` (commit 83449669402080874b25ff1fa740649a9e6ea064) but this code has existed since v2.3.0\n\n## Steps to reproduce\n\n[composite_deepscanline_poc_bundle.patch](https://github.com/user-attachments/files/25383205/composite_deepscanline_poc_bundle.patch)\n\nPoC files used:\n- Writer/generator: `poc/composite_deep_scanline_e2e_compressed_poc.cpp`\n- Minimal high-level reader harness: `poc/simple_exr_reader.cpp`\n\nThe reader harness intentionally mimics realistic app behavior: open EXR, iterate parts, select `DEEPSCANLINE`, add sources to `CompositeDeepScanLine`, bind a normal `FrameBuffer`, then call `readPixels`.\n\nBuild with ASAN/UBSAN:\n\n```bash\ncmake -S . -B build-asan \\\n -DOPENEXR_BUILD_POC=ON \\\n -DCMAKE_BUILD_TYPE=RelWithDebInfo \\\n -DCMAKE_C_FLAGS=\u0027-fsanitize=address,undefined -fno-omit-frame-pointer\u0027 \\\n -DCMAKE_CXX_FLAGS=\u0027-fsanitize=address,undefined -fno-omit-frame-pointer\u0027 \\\n -DCMAKE_EXE_LINKER_FLAGS=\u0027-fsanitize=address,undefined\u0027 \\\n -DCMAKE_SHARED_LINKER_FLAGS=\u0027-fsanitize=address,undefined\u0027\n\ncmake --build build-asan --target composite_writer simple_exr_reader -j\n```\n\nGenerate malicious file (decode-path focused profile):\n\n```bash\nASAN_OPTIONS=detect_leaks=0 timeout 180s \\\n ./build-asan/poc/composite_writer \\\n --profile low-ram \\\n --file /tmp/composite_decode_focus.exr\n```\n\nTrigger:\n\n```bash\nASAN_OPTIONS=detect_leaks=0 timeout 30s \\\n ./build-asan/poc/simple_exr_reader /tmp/composite_decode_focus.exr\n```\n\nASAN builds are slower. If needed, a non-sanitized build + debugger is faster for iteration.\n\n## Example runs\n\nWriter (abbrev):\n\n```bash\n\u276f ./build-asan/poc/composite_writer\nexploit math:\n benign samples : 300\n malicious parts : 86\n malicious samples per part : 50000000\n true total samples : 4300000300\n uint32 overflow reached : yes\n wrapped uint32 total : 5033004\n composite Z/A alloc from wrap : 40264032 bytes (38.40 MiB)\n per-part unpacked sample bytes : 300000000 bytes (286.10 MiB)\n min parts to overflow (current benign/samples): 86\nwriting compressed multipart deep EXR: /tmp/composite_deep_scanline_e2e_compressed.exr\nwriting donor malicious part (50000000 samples)\ncopying malicious part 1/86 from donor chunk\n...\nfile size: 26112896 bytes (24.90 MiB)\n```\n\nReader ASAN crash:\n\n```bash\n\u276f ./build-asan/poc/simple_exr_reader\nreading /tmp/composite_overflow_optimized.exr with 16 deepscanline parts\n=================================================================\n==175024==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7ed1a55d90b0 at pc 0x7ed1da7854f7 bp 0x7ffe8c83a680 sp 0x7ffe8c83a670\nWRITE of size 4 at 0x7ed1a55d90b0 thread T0\n #0 0x7ed1da7854f6 in generic_unpack_deep_pointers /home/pop/sec/openexr/src/lib/OpenEXRCore/unpack.c:1374\n #1 0x7ed1da7623e9 in exr_decoding_run /home/pop/sec/openexr/src/lib/OpenEXRCore/decoding.c:664\n #2 0x7ed1dbcb153b in run_decode /home/pop/sec/openexr/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp:816\n #3 0x7ed1dbcc597f in Imf_4_0::DeepScanLineInputFile::Data::readData(Imf_4_0::DeepFrameBuffer const\u0026, int, int, bool) /home/pop/sec/openexr/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp:568\n #4 0x7ed1dbc01ca4 in Imf_4_0::CompositeDeepScanLine::readPixels(int, int) /home/pop/sec/openexr/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp:576\n #5 0x64669005f233 in main /home/pop/sec/openexr/poc/simple_exr_reader.cpp:88\n #6 0x7ed1d942a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n #7 0x7ed1d942a28a in __libc_start_main_impl ../csu/libc-start.c:360\n #8 0x6466900601e4 in _start (/home/pop/sec/openexr/build-asan/poc/simple_exr_reader+0x1b1e4) (BuildId: 86b018d0dce48def6ca06be031266f0205c914d2)\n\n0x7ed1a55d90b0 is located 0 bytes after 820132016-byte region [0x7ed1747b5800,0x7ed1a55d90b0)\nallocated by thread T0 here:\n #0 0x7ed1dd0fe548 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95\n #1 0x7ed1dbc29600 in std::__new_allocator\u003cfloat\u003e::allocate(unsigned long, void const*) /usr/include/c++/13/bits/new_allocator.h:151\n #2 0x7ed1dbc29600 in std::allocator_traits\u003cstd::allocator\u003cfloat\u003e \u003e::allocate(std::allocator\u003cfloat\u003e\u0026, unsigned long) /usr/include/c++/13/bits/alloc_traits.h:482\n #3 0x7ed1dbc29600 in std::_Vector_base\u003cfloat, std::allocator\u003cfloat\u003e \u003e::_M_allocate(unsigned long) /usr/include/c++/13/bits/stl_vector.h:381\n #4 0x7ed1dbc29600 in std::_Vector_base\u003cfloat, std::allocator\u003cfloat\u003e \u003e::_M_allocate(unsigned long) /usr/include/c++/13/bits/stl_vector.h:378\n #5 0x7ed1dbc29600 in std::vector\u003cfloat, std::allocator\u003cfloat\u003e \u003e::_M_default_append(unsigned long) /usr/include/c++/13/bits/vector.tcc:663\n #6 0x7ed1dbc00184 in std::vector\u003cfloat, std::allocator\u003cfloat\u003e \u003e::resize(unsigned long) /usr/include/c++/13/bits/stl_vector.h:1016\n #7 0x7ed1dbc00184 in Imf_4_0::CompositeDeepScanLine::readPixels(int, int) /home/pop/sec/openexr/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp:535\n #8 0x64669005f233 in main /home/pop/sec/openexr/poc/simple_exr_reader.cpp:88\n #9 0x7ed1d942a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n #10 0x7ed1d942a28a in __libc_start_main_impl ../csu/libc-start.c:360\n #11 0x6466900601e4 in _start (/home/pop/sec/openexr/build-asan/poc/simple_exr_reader+0x1b1e4) (BuildId: 86b018d0dce48def6ca06be031266f0205c914d2)\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow /home/pop/sec/openexr/src/lib/OpenEXRCore/unpack.c:1374 in generic_unpack_deep_pointers\nShadow bytes around the buggy address:\n 0x7ed1a55d8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x7ed1a55d8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x7ed1a55d8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x7ed1a55d8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x7ed1a55d9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n=\u003e0x7ed1a55d9080: 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa\n 0x7ed1a55d9100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x7ed1a55d9180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x7ed1a55d9200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x7ed1a55d9280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x7ed1a55d9300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07\n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n==175024==ABORTING\n```\n\n## Root cause analysis\n\nIn `CompositeDeepScanLine::readPixels`:\n\n1. Per-pixel totals are accumulated in `vector\u003cunsigned int\u003e total_sizes`.\n2. For attacker-controlled large counts across many parts, `total_sizes[ptr]` wraps modulo `2^32`.\n3. `overall_sample_count` is then derived from wrapped totals and used in `samples[channel].resize(overall_sample_count)`.\n4. Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (`generic_unpack_deep_pointers`) overrun the undersized composite sample buffer.\n\n\nAllocation is based on a tiny wrapped value, but decode writes correspond to the true large sample volume.\n\n## Impact\n\nHeap OOB write during decode. This is at minimum a reliable crash/DoS. As heap corruption, this bug could be used for potential remote code execution.",
"id": "GHSA-cr4v-6jm6-4963",
"modified": "2026-03-04T02:00:10Z",
"published": "2026-03-02T18:30:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27622"
},
{
"type": "PACKAGE",
"url": "https://github.com/AcademySoftwareFoundation/openexr"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenEXR\u0027s CompositeDeepScanLine integer-overflow leads to heap OOB write"
}
SUSE-SU-2026:20936-1
Vulnerability from csaf_suse - Published: 2026-03-26 10:00 - Updated: 2026-03-26 10:00Summary
Security update for openexr
Severity
Important
Notes
Title of the patch: Security update for openexr
Description of the patch: This update for openexr fixes the following issue:
- CVE-2026-27622: crafted multipart deep EXR can cause an heap out-of-bound write (bsc#1259177).
Patchnames: SUSE-SLES-16.0-450
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openexr",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openexr fixes the following issue:\n\n- CVE-2026-27622: crafted multipart deep EXR can cause an heap out-of-bound write (bsc#1259177).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-450",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20936-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20936-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620936-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20936-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045216.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259177",
"url": "https://bugzilla.suse.com/1259177"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27622 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27622/"
}
],
"title": "Security update for openexr",
"tracking": {
"current_release_date": "2026-03-26T10:00:01Z",
"generator": {
"date": "2026-03-26T10:00:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20936-1",
"initial_release_date": "2026-03-26T10:00:01Z",
"revision_history": [
{
"date": "2026-03-26T10:00:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libIex-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"product": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"product_id": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "openexr-3.2.2-160000.5.1.aarch64",
"product": {
"name": "openexr-3.2.2-160000.5.1.aarch64",
"product_id": "openexr-3.2.2-160000.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openexr-doc-3.2.2-160000.5.1.noarch",
"product": {
"name": "openexr-doc-3.2.2-160000.5.1.noarch",
"product_id": "openexr-doc-3.2.2-160000.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"product_id": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openexr-3.2.2-160000.5.1.ppc64le",
"product": {
"name": "openexr-3.2.2-160000.5.1.ppc64le",
"product_id": "openexr-3.2.2-160000.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libIex-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"product": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"product_id": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "openexr-3.2.2-160000.5.1.s390x",
"product": {
"name": "openexr-3.2.2-160000.5.1.s390x",
"product_id": "openexr-3.2.2-160000.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libIex-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product": {
"name": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"product_id": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "openexr-3.2.2-160000.5.1.x86_64",
"product": {
"name": "openexr-3.2.2-160000.5.1.x86_64",
"product_id": "openexr-3.2.2-160000.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.aarch64"
},
"product_reference": "openexr-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "openexr-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.s390x"
},
"product_reference": "openexr-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.x86_64"
},
"product_reference": "openexr-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-doc-3.2.2-160000.5.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
},
"product_reference": "openexr-doc-3.2.2-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64"
},
"product_reference": "libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.aarch64"
},
"product_reference": "openexr-3.2.2-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.ppc64le"
},
"product_reference": "openexr-3.2.2-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.s390x"
},
"product_reference": "openexr-3.2.2-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-3.2.2-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.x86_64"
},
"product_reference": "openexr-3.2.2-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openexr-doc-3.2.2-160000.5.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
},
"product_reference": "openexr-doc-3.2.2-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27622"
}
],
"notes": [
{
"category": "general",
"text": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector\u003cunsigned int\u003e total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openexr-doc-3.2.2-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27622",
"url": "https://www.suse.com/security/cve/CVE-2026-27622"
},
{
"category": "external",
"summary": "SUSE Bug 1259177 for CVE-2026-27622",
"url": "https://bugzilla.suse.com/1259177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openexr-doc-3.2.2-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openexr-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openexr-doc-3.2.2-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-3.2.2-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openexr-doc-3.2.2-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T10:00:01Z",
"details": "important"
}
],
"title": "CVE-2026-27622"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…