Описание
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.
Отчет
This vulnerability was rated as Important by the Red Hat Product Security Engineer. An attacker may leverage that by crafting a malicious DDS image bigger than 64k (when encoded). This happens because of the lack of size checking when writing the image data into an internal buffer. When successfully exploited, this vulnerability may lead to a local arbitrary code execution within the user privileges similar to the ones for the user running the application or a denial of service for the application consuming the Pillow library.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-service-api-rhel9 | Not affected | ||
| OpenShift Lightspeed | openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9 | Affected | ||
| Red Hat AI Inference Server | rhaiis/vllm-cuda-rhel9 | Affected | ||
| Red Hat AI Inference Server | rhaiis/vllm-rocm-rhel9 | Affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel9 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel9 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/ansible-dev-tools-rhel8 | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3. ...
Pillow vulnerability can cause write buffer overflow on BCn encoding
Уязвимость библиотеки для работы с изображениями Pillow, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю выполнить произвольный код
EPSS
7.1 High
CVSS3