Patch release for v3.2 that addresses the following security vulnerabilities:
- CVE-2026-34589 DWA Lossy Decoder Heap Out-of-Bounds Write
- CVE-2026-34588 Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
- CVE-2026-34544 integer overflow to OOB write in uncompress_b44_impl()
- CVE-2026-34543 Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)
- CVE-2026-34380 Signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression
- CVE-2026-34379 Misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)