[USN-8259-1] OpenEXR vulnerabilities

========================================================================== Ubuntu Security Notice USN-8259-1 May 07, 2026 openexr vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenEXR. Software Description: - openexr: tools for the OpenEXR image format Details: Quang Luong discovered that OpenEXR incorrectly handled sample count accumulation when processing deep scan line image files. An attacker could possibly use this issue to cause OpenEXR to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-27622) It was discovered that OpenEXR had an integer overflow in the PXR24 decoder. An attacker could possibly use this issue to cause OpenEXR to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-34380) Quang Luong discovered that OpenEXR had a signed integer overflow in the PIZ decoder. An attacker could possibly use this issue to cause OpenEXR to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-34588) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libopenexr-3-1-30 3.1.13-2ubuntu0.26.04.1~esm1 Available with Ubuntu Pro openexr 3.1.13-2ubuntu0.26.04.1~esm1 Available with Ubuntu Pro Ubuntu 24.04 LTS libopenexr-3-1-30 3.1.5-5.1ubuntu0.1~esm1 Available with Ubuntu Pro openexr 3.1.5-5.1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libopenexr25 2.5.7-1ubuntu0.1~esm2 Available with Ubuntu Pro openexr 2.5.7-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libopenexr24 2.3.0-6ubuntu0.5+esm2 Available with Ubuntu Pro openexr 2.3.0-6ubuntu0.5+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS libopenexr22 2.2.0-11.1ubuntu1.9+esm1 Available with Ubuntu Pro openexr 2.2.0-11.1ubuntu1.9+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libopenexr22 2.2.0-10ubuntu2.6+esm4 Available with Ubuntu Pro openexr 2.2.0-10ubuntu2.6+esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8259-1 CVE-2026-27622, CVE-2026-34380, CVE-2026-34588