Kimball Thurston

3 exploits | Active since Dec 2020
CVE-2020-16587 (MEDIUM)
OpenEXR 2.3.0 - Heap-Based Buffer Overflow in Chunk Offset Reconstruction
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
CVSS 5.5
CVE-2025-48071 (HIGH)
OpenEXR 3.3.0-3.3.2 - Heap-based Buffer Overflow via ZIPS-packed Deep Scan-line EXR Chunk Header
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.2, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
CVSS 7.8
CVE-2025-48072 (CRITICAL)
OpenEXR 3.3.2 - Heap-Based Buffer Overflow via DWAA-Packed Scan-Line EXR File Decompression
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.
CVSS 9.1