CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-42217 — OpenEXR provides the specification and reference implementation of the EXR file ...

·Source: NIST NVD

Updated:

Executive Summary

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code exe

Analysis

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code executes a left shift by 70 on a 64-bit value, which is undefined behavior. This issue has been patched in versions 3.2.9, 3.3.11, and 3.4.11. CVSS Score: 9.8. Published: 2026-05-07T04:16:34.387.

Indicators of Compromise (1)

CVE (1)
CVE-2026-42217
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerabilityNEW

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control

CVE-2026-41940
The Hacker News
MEDIUMVulnerabilityNEW

Visa unveils Tap to Confirm tech

Visa has introduced technology lets people verify their identity or activate a new card by tapping their physical card to their mobile inside the issuer’s banking app.

Finextra
MEDIUMVulnerability

Frame Security Emerges From Stealth With $50M for Awareness and Training Platform

Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security. The post Frame Security Emerges From Stealth With $50M for Awareness and Training Platform appeared first on SecurityWeek .

SecurityWeek