CVE-2026-34543: Openexr Bounds Check Capacity Mismatch

Bounds checking against the expected uncompressed capacity rather than the actual decompressed payload length may lead to out-of-bounds reads into uninitialized memory.

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0c

greprules fetch cve-2026-34543-openexr-bounds-check-capacity-mismatch --engine opengrep

Description

Bounds checking against the expected uncompressed capacity rather than the actual decompressed payload length may lead to out-of-bounds reads into uninitialized memory.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Trust signals: 108 downloads
0 direct108 via packs
· 0 stars · Trust score 53How trust works
Included packs: 2 packs

Community feedback

Mark useful Report false positive Suggest metadata