Process memory corruption in Apple ImageIO image parsing

This repository is a small proof-of-concept for CVE-2026-28990, an integer overflow in Apple's ImageIO EXR decoder (EXRReadPlugin::decodeBlockAppleEXR). It contains two code files and one README. The Python script gen_exr_trigger.py is the exploit generator: it constructs a malformed OpenEXR file by setting a large dataWindow (16384 x 65536), building a valid-looking EXR header and channel list, creating a scanline offset table where every scanline points to the same pixel block, and appending a single oversized scanline payload filled with 0x41 bytes. The intended effect is to make the vulnerable decoder compute a wrapped buffer size, allocate too little memory, then overflow the heap when consuming the supplied pixel data. The Objective-C file exr_parser.m is a local harness rather than the vulnerability itself. It loads an image file from a user-provided path using NSData dataWithContentsOfFile, creates a CGImageSource via ImageIO, decodes the first image, then draws it into a bitmap context using CoreGraphics. This forces the vulnerable parsing/rendering path and demonstrates the crash. It prints width/height and disables acceleration via CGRenderingStateSetAllowsAcceleration before drawing, likely to make behavior more deterministic during testing. There are no network callbacks, C2 features, or remote delivery mechanisms in the code. The attack vector is a malicious file processed locally or by any application using the vulnerable ImageIO EXR parsing path. The repository is clearly a PoC and not weaponized: it demonstrates crash-capable heap corruption via a crafted file, but does not include code execution primitives, shell payloads, persistence, or automation beyond file generation and local parsing.