CVE-2020-10379
Buffer Overflow vulnerability in pillow (PyPI)

Buffer Overflow · No known exploit

What is CVE-2020-10379 About?

This vulnerability consists of two buffer overflows in `libImaging/TiffDecode.c` in Pillow before 7.1.0. These overflows can lead to denial of service or potentially arbitrary code execution by corrupting memory. Exploitation is moderately complex, requiring a crafted TIFF file.

Affected Software

  • pillow
    • <7.1.0
    • <46f4a349b88915787fea3fb91348bb1665831bbb

Technical Details

The vulnerability involves two distinct buffer overflows found within the `libImaging/TiffDecode.c` component of Pillow. When processing specially crafted TIFF image files, the application fails to adequately validate input data sizes before writing to allocated memory buffers during the decoding process. This critical flaw allows an attacker to supply an input that causes data to be written beyond the boundaries of these buffers. This memory corruption can overwrite adjacent data structures, leading to application crashes (denial of service) or, in more sophisticated attacks, can be leveraged to achieve arbitrary code execution by corrupting control flow mechanisms like function pointers or stack return addresses. The exploitation relies on precise manipulation of TIFF file structures to trigger the overflow conditions.

What is the Impact of CVE-2020-10379?

Successful exploitation may allow attackers to achieve a denial of service by crashing the application, or potentially execute arbitrary code, compromising system integrity and availability.

What is the Exploitability of CVE-2020-10379?

Exploitation of this vulnerability requires delivering a specially crafted TIFF image file to a system or application using a vulnerable version of Pillow. The complexity is moderate; successful exploitation for arbitrary code execution would demand a deep understanding of memory layout and the specific overflow mechanics. Authentication is not typically required, because the vulnerability manifests during image processing workflows that often accept unauthenticated input. The attack vector is remote if the application processes external TIFF files. The primary risk factor is the automatic or user-initiated processing of untrusted TIFF images. Special conditions involve careful manipulation of TIFF tags and data to ensure the overflow targets a sensitive memory region, which can be difficult to achieve reliably.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2020-10379?

Available Upgrade Options

  • pillow
    • <46f4a349b88915787fea3fb91348bb1665831bbb → Upgrade to 46f4a349b88915787fea3fb91348bb1665831bbb
  • pillow
    • <7.1.0 → Upgrade to 7.1.0
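
For services that cannot upgrade at once, a stopgap is to refuse TIFF input while the installed Pillow is older than 7.1.0. The sketch below is an added example, not code from this advisory or from the Pillow project; the function names and the magic-byte list (a deliberately broad set of TIFF/BigTIFF signatures in both byte orders) are assumptions of the example.

```python
import re
from importlib import metadata

FIXED = (7, 1, 0)  # first fixed release named in the advisory above
# Assumed, deliberately broad signature set: byte-order mark followed by
# 42 ('*', TIFF) or 43 ('+', BigTIFF) in either byte order.
TIFF_MAGICS = {bo + m for bo in (b"II", b"MM")
               for m in (b"*\x00", b"\x00*", b"+\x00", b"\x00+")}
_RELEASE = r"\s*v?(\d+(?:\.\d+)*)"

def release_tuple(version):
    """Leading numeric release of a version string, padded to 3 parts."""
    m = re.match(_RELEASE, version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def pillow_is_affected(version):
    """True for versions before 7.1.0. Pre-releases of 7.1.0 itself
    (e.g. 7.1.0.dev0, 7.1.0rc1) are treated as affected, conservatively."""
    rel = release_tuple(version)
    suffix = re.sub("^" + _RELEASE, "", version)
    pre = re.match(r"[.\-_]?(a|b|rc|dev|alpha|beta|pre)", suffix, re.I)
    return rel < FIXED or (rel == FIXED and pre is not None)

def is_tiff(head):
    """Sniff content, not the file name: Pillow picks the decoder from
    the bytes, so the extension and Content-Type cannot be trusted."""
    return bytes(head[:4]) in TIFF_MAGICS

def installed_pillow_version():
    """Version of the installed Pillow distribution, or None if absent."""
    try:
        return metadata.version("Pillow")
    except metadata.PackageNotFoundError:
        return None

def may_decode(head, pillow_version):
    """Upload gate: reject TIFF data while the Pillow in use is affected."""
    return not (is_tiff(head) and pillow_is_affected(pillow_version))

if __name__ == "__main__":
    version = installed_pillow_version()
    if version is None:
        print("Pillow is not installed")
    else:
        state = "AFFECTED, upgrade to 7.1.0 or later" if pillow_is_affected(version) else "not affected"
        print(f"Pillow {version}: {state}")
```

Call `may_decode()` on the first bytes of each upload before handing it to `Image.open()`; the gate only narrows exposure until the upgrade is deployed.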

Additional Resources

What are Similar Vulnerabilities to CVE-2020-10379?

Similar Vulnerabilities: CVE-2020-35654, CVE-2021-25289, CVE-2021-34552, CVE-2020-10177, CVE-2018-19605