Resolves: RHEL-153067 - fix CVE-2026-27622

Signed-off-by: Josef Ridky <jridky@redhat.com>

OpenEXR.spec

@@ -1,7 +1,7 @@
 Name:	 OpenEXR
 Summary: A high dynamic-range (HDR) image file format
 Version: 2.2.0
-Release: 12%{?dist}
+Release: 12%{?dist}.1
 
 License: BSD
 URL:	 http://www.openexr.com/
@@ -9,6 +9,8 @@ Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}
 # fix tests for big endian arches
 # https://github.com/openexr/openexr/issues/81
 Patch0:  openexr-2.1.0-bigendian.patch
+# Fix CVE 2026-27622
+Patch1:  openexr-CVE-2026-27622.patch
 
 Obsoletes: openexr < %{version}-%{release}
 Provides:  openexr = %{version}-%{release}
@@ -45,7 +47,7 @@ Summary: %{name} runtime libraries
 %prep
 %setup -q -n openexr-%{version}
 %patch0 -p1 -b .bigendian
-
+%patch1 -p1 -b .CVE-2026-27622
 
 %build
 %configure --disable-static
@@ -91,6 +93,9 @@ make %{?_smp_mflags} check ||:
 
 
 %changelog
+* Tue Apr 14 2026 Josef Ridky <jridky@redhat.com> - 2.2.0-12.1
+- fix CVE-2026-27622
+
 * Tue Dec 15 2020 Owen Taylor <otaylor@redhat.com> - 2.2.0-12
 - In check, don't override PKG_CONFIG_PATH from the environment (#1907528)
 

openexr-CVE-2026-27622.patch

@@ -0,0 +1,14 @@
+diff -urNp a/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp b/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp
+--- a/IlmImf/ImfCompositeDeepScanLine.cpp	2026-03-26 08:27:58.855705716 +0100
++++ b/IlmImf/ImfCompositeDeepScanLine.cpp	2026-03-26 08:32:52.955196547 +0100
+@@ -462,6 +462,10 @@ CompositeDeepScanLine::readPixels(int st
+        num_sources[ptr]=0;
+        for(size_t j=0;j<parts;j++)
+        {
++          if (total_sizes[ptr] > std::numeric_limits<unsigned int>::max() - counts[j][ptr])
++              throw IEX_NAMESPACE::ArgExc (
++                  "Cannot composite scanline: pixel cannot have more than UINT_MAX samples");
++
+           total_sizes[ptr]+=counts[j][ptr];
+           if(counts[j][ptr]>0) num_sources[ptr]++;
+        }