HCE2-SA-2026-0085 Important HCE 2.0 Security Fix(es): OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue. (CVE-2025-64181) OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6. (CVE-2026-27622) HCE 2.0 OpenEXR-3.1.5-4.r1.hce2.x86_64.rpm OpenEXR-devel-3.1.5-4.r1.hce2.x86_64.rpm OpenEXR-libs-3.1.5-4.r1.hce2.x86_64.rpm OpenEXR-3.1.5-4.r1.hce2.aarch64.rpm OpenEXR-devel-3.1.5-4.r1.hce2.aarch64.rpm OpenEXR-libs-3.1.5-4.r1.hce2.aarch64.rpm