Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Red Hat OpenEXR Library Unpatched on Your Server

RHSA-2026:17658

Summary

A security issue has been discovered in the OpenEXR library used by Red Hat products. This issue could allow an attacker to execute arbitrary code on a vulnerable system. You should update your Red Hat system to the latest version of OpenEXR to fix this issue.

What to do

Update redhat openexr to version 0:3.1.1-2.el9_4.3.
Update redhat openexr-debuginfo to version 0:3.1.1-2.el9_4.3.
Update redhat openexr-debugsource to version 0:3.1.1-2.el9_4.3.
Update redhat openexr-devel to version 0:3.1.1-2.el9_4.3.
Update redhat openexr-libs to version 0:3.1.1-2.el9_4.3.
Update redhat openexr-libs-debuginfo to version 0:3.1.1-2.el9_4.3.

Affected software

Ecosystem	Vendor	Product	Affected versions
Red Hat:rhel_eus:9.4::appstream	redhat	openexr	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::appstream	redhat	openexr-debuginfo	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::appstream	redhat	openexr-debugsource	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::appstream	redhat	openexr-devel	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::appstream	redhat	openexr-libs	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::appstream	redhat	openexr-libs-debuginfo	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::crb	redhat	openexr	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::crb	redhat	openexr-debuginfo	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::crb	redhat	openexr-debugsource	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::crb	redhat	openexr-devel	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::crb	redhat	openexr-libs	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3
Red Hat:rhel_eus:9.4::crb	redhat	openexr-libs-debuginfo	< 0:3.1.1-2.el9_4.3 Fix: upgrade to 0:3.1.1-2.el9_4.3

Original title

Red Hat Security Advisory: openexr update

osv CVSS3.1 8.8

https://access.redhat.com/errata/RHSA-2026:17658 Vendor Advisory
https://access.redhat.com/security/updates/classification/#important Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2455408 Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_17658.... Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-34588 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-34588 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-34588 Vendor Advisory
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-58... Third Party Advisory

Published: 15 May 2026 · Updated: 15 May 2026 · First seen: 15 May 2026