Amazon Linux 2023 Security Advisory: ALAS2023-2026-1561
Advisory Released Date: 2026-04-13
Advisory Updated Date: 2026-04-13
Severity:
Medium
Issue Overview:
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run(). Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout-dependent). This issue has been patched in version 3.4.8. (CVE-2026-34544)
Affected Packages:
openexr
Issue Correction:
Run dnf update openexr --releasever 2023.11.20260413 or dnf update --advisory ALAS2023-2026-1561 --releasever 2023.11.20260413 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
openexr-debuginfo-3.1.5-1.amzn2023.0.8.aarch64
openexr-libs-debuginfo-3.1.5-1.amzn2023.0.8.aarch64
openexr-libs-3.1.5-1.amzn2023.0.8.aarch64
openexr-3.1.5-1.amzn2023.0.8.aarch64
openexr-debugsource-3.1.5-1.amzn2023.0.8.aarch64
openexr-devel-3.1.5-1.amzn2023.0.8.aarch64
src:
openexr-3.1.5-1.amzn2023.0.8.src
x86_64:
openexr-libs-debuginfo-3.1.5-1.amzn2023.0.8.x86_64
openexr-libs-3.1.5-1.amzn2023.0.8.x86_64
openexr-debugsource-3.1.5-1.amzn2023.0.8.x86_64
openexr-devel-3.1.5-1.amzn2023.0.8.x86_64
openexr-debuginfo-3.1.5-1.amzn2023.0.8.x86_64
openexr-3.1.5-1.amzn2023.0.8.x86_64