CVE-2020-10177
Out-of-bounds Read vulnerability in pillow (PyPI)
What is CVE-2020-10177 About?
Pillow before 7.1.0 has multiple out-of-bounds reads in `libImaging/FliDecode.c`. This can lead to information disclosure or denial of service through improper memory access. Exploitation is moderately challenging, requiring specifically crafted input.
Affected Software
Technical Details
The vulnerability in Pillow (versions prior to 7.1.0) involves multiple out-of-bounds read vulnerabilities located within the libImaging/FliDecode.c component. This occurs when the application decodes malformed FLI (FLIC) animation files. Specifically, improper validation of input data or incorrect index calculations leads to instances where the program attempts to read data from memory addresses outside the boundaries of its allocated buffers. This unauthorized memory access can result in either information disclosure, where an attacker could potentially glean sensitive data from adjacent memory regions, or a denial of service, where the application crashes due to an invalid memory access.
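The following is an added illustrative example; it is not Pillow's `libImaging/FliDecode.c` and not code from the advisory or its references. It uses a constructed toy chunk format (a 4-byte little-endian size covering the whole chunk, a 2-byte type, then payload; the real FLI layout is deliberately not reproduced) to show the two defensive checks whose absence produces this class of out-of-bounds read: every length taken from the file is validated against the bytes that actually remain before anything past the header is read, and a run copy validates both its source offset and its destination index before touching memory. All names (`walk_chunks`, `copy_run`, `self_check`, the sample arrays) are hypothetical and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy chunk layout (hypothetical; NOT the real FLI format and
 * NOT Pillow's decoder): 4-byte LE size covering the whole chunk, 2-byte LE
 * type, then (size - 6) payload bytes. */
#define CHUNK_HDR 6u

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk every chunk in buf[0..len). Each length taken from the input is checked
 * against the bytes that actually remain before any byte beyond the header is
 * touched. Returns the chunk count, or -1 for a malformed file. If payload_sum
 * is non-NULL it receives the sum of all payload bytes, which only shows that
 * the payload was read strictly within bounds. */
int walk_chunks(const uint8_t *buf, size_t len, uint32_t *payload_sum)
{
    size_t off = 0;
    int count = 0;
    if (payload_sum) *payload_sum = 0;
    while (off < len) {
        /* A full header must fit before it is read. */
        if (len - off < CHUNK_HDR) return -1;
        uint32_t size = rd32le(buf + off);
        /* Sizes smaller than the header would underflow the payload length
         * (and never advance); sizes past the end are the OOB-read case. */
        if (size < CHUNK_HDR || size > len - off) return -1;
        const uint8_t *payload = buf + off + CHUNK_HDR;
        size_t plen = size - CHUNK_HDR;
        for (size_t i = 0; i < plen; i++)
            if (payload_sum) *payload_sum += payload[i];
        off += size;
        count++;
    }
    return count;
}

/* Copy a run of `count` bytes from src[src_off..] into row[x..], the shape of
 * operation a line/delta decoder performs. Both the source read and the
 * destination write are bounds-checked with overflow-safe subtraction. */
int copy_run(const uint8_t *src, size_t src_len, size_t src_off,
             uint8_t *row, size_t width, size_t x, size_t count)
{
    if (src_off > src_len || count > src_len - src_off) return -1; /* would read past src */
    if (x > width || count > width - x) return -1;                  /* would write past row */
    memcpy(row + x, src + src_off, count);
    return 0;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t GOOD_FILE[] = {
    8, 0, 0, 0, 1, 0, 0xAA, 0x55,  /* size 8, type 1, payload AA 55 */
    6, 0, 0, 0, 2, 0               /* size 6, type 2, empty payload */
};
static const uint8_t OVERSIZED_FILE[] = {
    0, 1, 0, 0, 1, 0, 0xAA, 0x55   /* declares size 256, only 8 bytes present */
};
static const uint8_t UNDERSIZED_FILE[] = {
    2, 0, 0, 0, 1, 0               /* declares size 2, smaller than its own header */
};
static const uint8_t TRUNCATED_FILE[] = { 8, 0, 0 };

/* Runs the scenarios above; returns 1 when every check behaves as intended. */
int self_check(void)
{
    uint32_t sum = 0;
    uint8_t row[4] = {0};
    if (walk_chunks(GOOD_FILE, sizeof GOOD_FILE, &sum) != 2 || sum != 0xAA + 0x55) return 0;
    if (walk_chunks(OVERSIZED_FILE, sizeof OVERSIZED_FILE, NULL) != -1) return 0;
    if (walk_chunks(UNDERSIZED_FILE, sizeof UNDERSIZED_FILE, NULL) != -1) return 0;
    if (walk_chunks(TRUNCATED_FILE, sizeof TRUNCATED_FILE, NULL) != -1) return 0;
    /* in-bounds run: 2 bytes from payload offset 6 into row[1..3) */
    if (copy_run(GOOD_FILE, sizeof GOOD_FILE, 6, row, sizeof row, 1, 2) != 0) return 0;
    if (row[1] != 0xAA || row[2] != 0x55) return 0;
    /* destination overrun and source overrun must both be refused */
    if (copy_run(GOOD_FILE, sizeof GOOD_FILE, 6, row, sizeof row, 3, 2) != -1) return 0;
    if (copy_run(GOOD_FILE, sizeof GOOD_FILE, 13, row, sizeof row, 0, 2) != -1) return 0;
    return 1;
}

int main(void)
{
    int ok = self_check();
    printf("self_check: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The point of the checks is that every comparison is done in the "remaining bytes" form (`size > len - off`, `count > src_len - src_off`) rather than by adding untrusted lengths to a pointer or offset first, so an oversized value from the file can never wrap the arithmetic and slip past the guard; a decoder that trusts embedded sizes or per-line run counts without this is exactly the pattern that yields the information-disclosure or crash outcomes described above.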
What is the Impact of CVE-2020-10177?
Successful exploitation may allow attackers to disclose sensitive information from memory or cause a denial of service by crashing the application due to improper memory access.
What is the Exploitability of CVE-2020-10177?
Exploitation would involve providing a specially crafted FLI image file to an application utilizing a vulnerable version of Pillow. The complexity is moderate, requiring an understanding of the FLI file format and how to manipulate its structure to trigger the out-of-bounds read conditions. No authentication or privileged access is necessary, making it a remote attack vector if the application processes untrusted FLI files. The most significant risk factor is the acceptance and processing of user-supplied or untrusted FLI animation files. Special conditions would involve the precise crafting of header fields or image data within the FLI file to cause the read operation to stray beyond the intended buffer bounds.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-10177?
Available Upgrade Options
- pillow
- <7.1.0 → Upgrade to 7.1.0
Additional Resources
- https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
- https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
- https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
- https://usn.ubuntu.com/4430-1
- https://github.com/python-pillow/Pillow/issues/4750
- https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
- https://osv.dev/vulnerability/GHSA-cqhg-xjhh-p8hf
- https://github.com/python-pillow/Pillow/commits/master/src/libImaging
- https://usn.ubuntu.com/4430-1/
- https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
What are Similar Vulnerabilities to CVE-2020-10177?
Similar Vulnerabilities: CVE-2021-25293, CVE-2021-25290, CVE-2020-10379, CVE-2018-19605, CVE-2019-16781
