CVE-2020-10378
Out-of-bounds Read vulnerability in pillow (PyPI)
What is CVE-2020-10378 About?
This vulnerability within Pillow's `libImaging/PcxDecode.c` allows an out-of-bounds read when processing crafted PCX files. This can lead to application crashes (denial of service) or potentially information disclosure. Exploiting this flaw requires providing a malformed PCX image and is moderately complex.
Affected Software
- pillow
  - <7.1.0
  - <6a83e4324738bb0452fbe8074a995b1c73f08de7
Technical Details
The vulnerability resides in `libImaging/PcxDecode.c`, the Pillow component responsible for decoding PCX image files. When processing a specially crafted PCX file, the `state->shuffle` operation can be instructed to read data beyond the boundary of `state->buffer`. This out-of-bounds read means the program attempts to access memory outside its allocated region. Such an operation can cause the application to crash, leading to a denial of service. Depending on the memory layout and the location of the out-of-bounds read, it could also potentially disclose sensitive information from adjacent memory regions, or contribute to further exploitation such as arbitrary code execution by providing memory layout information or bypassing ASLR.
What is the Impact of CVE-2020-10378?
Successful exploitation may allow attackers to cause application crashes, resulting in a denial of service, or potentially lead to information disclosure.
What is the Exploitability of CVE-2020-10378?
Exploitation involves a moderate level of complexity, as it requires crafting a malformed PCX image file that specifically triggers the out-of-bounds read condition. No authentication or elevated privileges are typically required for an attacker. The vulnerability can be exploited remotely if the target application processes untrusted PCX files, for example, through image upload functionalities. The main prerequisite is the ability to submit a crafted PCX file to an application that uses the vulnerable Pillow version. Systems that handle user-provided image data are at higher risk, especially if they do not perform thorough validation of image headers and structures before decoding.
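As an added example (not Pillow's code and not the upstream fix), the header validation mentioned above could look like this in an upload handler: it parses the fixed 128-byte PCX header, rejects files whose declared bytes-per-line cannot hold one row of the declared width, and gates on the fixed version given on this page. The names `check_pcx_header`, `pillow_is_patched`, `sample_header` and the `max_side` limit are assumptions for illustration; the check complements upgrading and does not replace it.

```python
import struct

PCX_HEADER_LEN = 128
FIXED_IN = (7, 1, 0)  # first fixed Pillow release, per this advisory


class PcxHeaderError(ValueError):
    """The PCX header is malformed or internally inconsistent."""


def pillow_is_patched(version: str) -> bool:
    """Numeric compare against 7.1.0; pre-release suffixes are ignored."""
    nums = [int(p) for p in version.split(".")[:3] if p.isdigit()]
    return tuple(nums + [0] * (3 - len(nums))) >= FIXED_IN


def check_pcx_header(data: bytes, max_side: int = 16384) -> dict:
    """Validate the fixed 128-byte PCX header without decoding any pixels."""
    if len(data) < PCX_HEADER_LEN:
        raise PcxHeaderError("truncated header")
    magic, _version, _encoding, bits = struct.unpack_from("<4B", data, 0)
    xmin, ymin, xmax, ymax = struct.unpack_from("<4H", data, 4)
    planes, bytes_per_line = struct.unpack_from("<BH", data, 65)
    if magic != 0x0A:
        raise PcxHeaderError("not a PCX file")
    if bits not in (1, 2, 4, 8) or not 1 <= planes <= 4:
        raise PcxHeaderError("unsupported bits/planes combination")
    if xmax < xmin or ymax < ymin:
        raise PcxHeaderError("negative image extent")
    width, height = xmax - xmin + 1, ymax - ymin + 1
    if width > max_side or height > max_side:  # max_side: assumed app limit
        raise PcxHeaderError("image larger than application limit")
    # One plane of one scanline must fit in the declared line length.
    needed = (width * bits + 7) // 8
    if bytes_per_line < needed:
        raise PcxHeaderError(
            f"bytes_per_line={bytes_per_line} cannot hold {width} px "
            f"at {bits} bpp (needs {needed})")
    return {"width": width, "height": height, "bits": bits,
            "planes": planes, "bytes_per_line": bytes_per_line}


def sample_header(width: int, bits: int, planes: int, bpl: int) -> bytes:
    """Constructed header for demonstration; not taken from a real file."""
    head = struct.pack("<4B4H", 0x0A, 5, 1, bits, 0, 0, width - 1, 0)
    return (head + bytes(53) + struct.pack("<BH", planes, bpl)).ljust(128, b"\0")
```

Call `check_pcx_header` on the first 128 bytes of an upload before passing the file to Pillow, and treat `PcxHeaderError` as a rejected upload.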
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-10378?
Available Upgrade Options
- pillow
  - <7.1.0 → Upgrade to 7.1.0
- pillow
  - <6a83e4324738bb0452fbe8074a995b1c73f08de7 → Upgrade to 6a83e4324738bb0452fbe8074a995b1c73f08de7
Additional Resources
- https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
- https://usn.ubuntu.com/4430-1
- https://github.com/python-pillow/Pillow/issues/4750
- https://github.com/python-pillow/Pillow/commits/master/src/libImaging
- https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
- https://osv.dev/vulnerability/PYSEC-2020-77
- https://nvd.nist.gov/vuln/detail/CVE-2020-10378
- https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
- https://github.com/python-pillow/Pillow/pull/4538
What are Similar Vulnerabilities to CVE-2020-10378?
Similar Vulnerabilities: CVE-2021-25287, CVE-2021-25288, CVE-2020-10994, CVE-2018-19702, CVE-2019-1010080
