rootio-openexr: Untrusted File Processing Allows Malicious Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-openexr: Untrusted File Processing Allows Malicious Code Execution

ROOT-OS-DEBIAN-12-CVE-2026-27622

Summary

The rootio-openexr package for Debian 12 has a vulnerability that allows an attacker to execute malicious code if they can trick the system into processing a specially crafted file. This could potentially allow an attacker to take control of the system. To protect your system, update to a patched version of rootio-openexr if available.

What to do

Update rootio-openexr to version 3.1.5-5.root.io.10.

Affected software

Vendor	Product	Affected versions	Fix available
–	rootio-openexr	<= 3.1.5-5.root.io.10	3.1.5-5.root.io.10

Original title

CVE-2026-27622 in rootio-openexr - Patched by Root

Original description

Root has patched CVE-2026-27622 in the rootio-openexr package for Root:Debian:12. Multiple fixed versions available.

Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026