Critical Denial of Service Vulnerabilities in Fedora's MinGW OpenEXR Library

Critical Denial of Service Vulnerabilities in Fedora's MinGW OpenEXR Library

First seen 17 Mar 2026, 06:36 UTC Linuxsecurity 96% similarity 70.5

Article Content

Browse articles
ThreatCluster

Fedora has released updates for the MinGW Windows OpenEXR library due to significant vulnerabilities. Two critical CVEs have been identified: CVE-2026-26981, published on 2026-02-24, which allows for denial of service via a heap-buffer overflow when parsing malformed EXR files, and CVE-2026-27622, published on 2026-03-03, which enables arbitrary code execution through integer overflow in EXR file processing. The updates are available for versions 3.3.8 and 3.4.6. Users are advised to upgrade their systems using the 'dnf' update program to mitigate these risks. The vulnerabilities affect all Fedora systems utilizing the MinGW OpenEXR library. The potential impact includes service disruptions and unauthorized code execution. Current status indicates that patches are available, but users must act promptly to secure their systems.

Key Points: • Two critical CVEs identified in Fedora's MinGW OpenEXR library. • CVE-2026-26981 allows denial of service via heap-buffer overflow. • CVE-2026-27622 enables arbitrary code execution through integer overflow.

ThreatCluster AI

Timeline

2026-02-24
CVE-2026-26981 published
2026-03-03
CVE-2026-27622 published
2026-03-08
Updates released for OpenEXR library
2026-03-17
Articles published detailing vulnerabilities

Community

Browse all →