OpenEXR/openexr-CVE-2026-27622.patch
Josef Ridky 12c7aa7a94 Resolves: RHEL-153418 - fix CVE-2026-27622
Signed-off-by: Josef Ridky <jridky@redhat.com>
2026-03-31 13:36:32 +02:00


diff -urNp a/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp b/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp
--- a/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp 2026-03-26 08:27:58.855705716 +0100
+++ b/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp 2026-03-26 08:32:52.955196547 +0100
@@ -462,6 +462,10 @@ CompositeDeepScanLine::readPixels(int st
num_sources[ptr]=0;
for(size_t j=0;j<parts;j++)
{
+ if (total_sizes[ptr] > std::numeric_limits<unsigned int>::max() - counts[j][ptr])
+ throw IEX_NAMESPACE::ArgExc (
+ "Cannot composite scanline: pixel cannot have more than UINT_MAX samples");
+
total_sizes[ptr]+=counts[j][ptr];
if(counts[j][ptr]>0) num_sources[ptr]++;
}
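Review bot: The added guard names `std::numeric_limits`, but as far as this page shows the patch is this single hunk and adds no `#include <limits>`, so the build relies on that header arriving transitively; adding `#include <limits>` to ImfCompositeDeepScanLine.cpp would make the dependency explicit. The comparison is in the wrap-safe form (max minus the addend, tested before the add), which holds only if `total_sizes[ptr]` and `counts[j][ptr]` are both `unsigned int`; their declarations are outside the hunk, so this should be confirmed, since a signed or wider `counts` element would change what the subtraction computes. A one-line comment above the check would help the next reader, for example `// check before adding: unsigned wraparound would leave total_sizes[ptr] smaller than the real sample count`. The body of readPixels starts and ends outside the hunk, so whether any later sum over `total_sizes` is bounded in the same way cannot be judged from here.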