OpenEXR

OpenEXR provides the specification and reference implementation of the EXR file format, the professional-grade image storage format of the motion picture industry.

The purpose of EXR format is to accurately and efficiently represent high-dynamic-range scene-linear image data. This is a significant difference to most image formats, which store images that are ready for display. Software that handles OpenEXR images may need to process them differently to images in other formats such as JPEG (see Scene-Linear Image Representation for more details). OpenEXR files have strong support for multi-part, multi-channel use cases, and extensive representation of associated metadata.

OpenEXR is widely used in host application software where accuracy is critical, such as photorealistic rendering, texture access, image compositing, deep compositing, and DI.

OpenEXR is a project of the Academy Software Foundation.

Latest News

_images/news.png

November 4, 2025 - OpenEXR 3.4.3 Released

Patch release that addresses several bugs, primarily involving properly rejecting corrupt input data.

Specifically:

  • Buffer overflow in PyOpenEXR_old’s channels() and channel() in legacy python, reported by Joshua Rogers (GitHub: MegaManSec).

  • Use after free in PyObject_StealAttrString in legacy python, reported by Joshua Rogers (GitHub: MegaManSec).

  • Use of Uninitialized Memory in openexr, reported by Aldo Ristori (GitHub: Kaldreic).

  • Heap-based Buffer Overflow Remote Code Execution Vulnerability, reported by Trend Micro Zero Day Initiative.

Also:

  • OSS-fuzz 456158449 Heap-buffer-overflow in generic_unpack

  • OSS-fuzz 447429458 Heap-buffer-overflow in DwaCompressor_uncompress

  • OSS-fuzz 439237843 Heap-buffer-overflow in internal_exr_undo_ht

  • OSS-fuzz 436037111 Heap-buffer-overflow in generic_unpack

  • OSS-fuzz 435779241 Heap-buffer-overflow in generic_unpack

  • OSS-fuzz 420744464 Abrt in __cxxabiv1::failed_throw

Other fixes:

  • Fix a bug with re-reading a scanline file with a different set of channels.

  • Only populate CMAKE_DEBUG_POSTFIX with _d if it is undefined, which makes it possible to set CMAKE_DEBUG_POSTFIX=””.

This version also bumps the auto-fetched version of OpenJPH to 0.24.5. OpenJPH 0.24.5 addresses these OSS-Fuzz issues:

  • OSS-fuzz 456837230 Crash in ojph::local::param_cod::~param_cod

  • OSS-fuzz 456248580 Null-dereference READ in ojph::local::param_cod::~param_cod

  • OSS-fuzz 455374208 Floating-point-exception in ojph::local::tile::pre_alloc

  • OSS-fuzz 444963190 Index-out-of-bounds in ojph::local::param_qcd::read_qcc

  • OSS-fuzz 444889300 Heap-buffer-overflow in ojph::mem_infile::read

  • OSS-fuzz 444878558 Segv on unknown address in ojph::local::param_qcd::~param_qcd

  • OSS-fuzz 444878557 Null-dereference READ in ojph::local::param_qcd::~param_qcd

Full changelog: [v3.4.2..v3.4.3]

Imath

The OpenEXR project includes Imath, a basic, light-weight, and efficient C++ representation of 2D and 3D vectors and matrices and other simple but useful mathematical objects, functions, and data types common in computer graphics applications, including the half 16-bit floating-point type.

Imath also includes optional python bindings for all types and functions, including optimized implementations of vector and matrix arrays.

Quick Start

You can install OpenEXR using package managers or build the library yourself from the source on github following the compile instructions

For a simple program that uses the C++ API to read and write a .exr file, see the Hello, World examples.

Community

Resources