Kimball Thurston

3 exploits, active since Dec 2020
CVE-2020-16587 WRITEUP MEDIUM
OpenEXR - Out-of-Bounds Write
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
CVSS 5.5
CVE-2025-48071 WRITEUP HIGH
OpenEXR < 3.3.3 - Heap Buffer Overflow
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.2, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
CVSS 7.8
CVE-2025-48072 WRITEUP CRITICAL
OpenEXR < 3.3.3 - Out-of-Bounds Read
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.
CVSS 9.1