CVE-2020-11538
Out-of-bounds Read vulnerability in pillow (PyPI)
What is CVE-2020-11538 About?
This is an Out-of-bounds Read vulnerability in Pillow through 7.0.0, located in `libImaging/SgiRleDecode.c`. It affects the parsing of SGI image files, enabling attackers to trigger it by providing a malformed SGI image. This can lead to application crashes or information disclosure.
Affected Software
Technical Details
The vulnerability is an out-of-bounds read present in libImaging/SgiRleDecode.c within the Pillow library, affecting versions up to 7.0.0. When parsing SGI image files, the SGI RLE (Run Length Encoded) decoder performs improper boundary checks while decompressing or accessing pixel data. An attacker can craft a malformed SGI image file that causes the decoder to read data from memory locations outside the intended buffer. This unauthorized memory access typically leads to a program crash (denial of service). In some scenarios, it could also allow an attacker to read potentially sensitive data from memory adjacent to the image buffer, if the memory layout is predictable and contains such information.
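To make the missing boundary checks concrete, the following is an added, illustrative SGI RLE row decoder written in Python; it is not Pillow's C code. The byte layout follows the SGI image file format specification (7-bit run count, high bit selects literal copy versus repeat, zero count ends the row), and the sample rows are constructed for this example.

```python
"""Illustrative bounds-checked SGI RLE row decoder (not Pillow's code)."""


class MalformedRle(ValueError):
    """Raised when a run would read past the input or write past the row."""


def decode_sgi_rle_row(data: bytes, row_len: int) -> bytes:
    """Decode one 8-bit SGI RLE scanline into exactly row_len bytes."""
    out = bytearray()
    pos, n = 0, len(data)
    while True:
        # Every control byte must itself lie inside the input buffer.
        if pos >= n:
            raise MalformedRle("control byte past end of input")
        ctrl = data[pos]
        pos += 1
        count = ctrl & 0x7F
        if count == 0:  # zero count terminates the row
            break
        # Output-side check: a run may never exceed the row width.
        if len(out) + count > row_len:
            raise MalformedRle("run overflows row")
        if ctrl & 0x80:
            # Literal run: the next `count` bytes are copied verbatim.
            # Without this input-side check, a large count on a short file
            # reads memory beyond the buffer (the bug class of this CVE).
            if pos + count > n:
                raise MalformedRle("literal run past end of input")
            out += data[pos:pos + count]
            pos += count
        else:
            # Repeat run: one byte is repeated `count` times.
            if pos >= n:
                raise MalformedRle("repeat value past end of input")
            out += bytes([data[pos]]) * count
            pos += 1
    if len(out) != row_len:
        raise MalformedRle("row terminated before row_len bytes were produced")
    return bytes(out)


def is_well_formed(data: bytes, row_len: int) -> bool:
    """True if the row decodes cleanly, False if it is rejected as malformed."""
    try:
        decode_sgi_rle_row(data, row_len)
        return True
    except MalformedRle:
        return False


# Constructed sample rows (6 pixels wide).
GOOD_ROW = bytes([0x83]) + b"ABC" + bytes([0x03]) + b"Z" + bytes([0x00])
TRUNCATED_ROW = bytes([0x85]) + b"AB"      # claims 5 literal bytes, supplies 2
OVERLONG_ROW = bytes([0x08]) + b"Z" + bytes([0x00])  # 8 pixels into a 6-wide row
```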
What is the Impact of CVE-2020-11538?
Successful exploitation may allow attackers to cause a denial of service by crashing the application, or potentially lead to information disclosure by reading sensitive data from adjacent memory locations.
What is the Exploitability of CVE-2020-11538?
Exploitation of this vulnerability requires furnishing a specially crafted SGI image file to an application that processes such files using the vulnerable Pillow library. The complexity is medium, as it necessitates an understanding of the SGI file format and how to trigger the out-of-bounds read within the decoding process. There are no explicit authentication or privilege requirements. If an application accepts and processes untrusted image files, this could be a remote attack. Otherwise, it would be a local attack. The primary prerequisite is the ability to provide a maliciously constructed SGI file for decoding.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-11538?
Available Upgrade Options
- pillow
  - <7.1.0 → Upgrade to 7.1.0
Additional Resources
- https://github.com/python-pillow/Pillow/pull/4504
- https://usn.ubuntu.com/4430-1
- https://pillow.readthedocs.io/en/stable/releasenotes/index.html
- https://usn.ubuntu.com/4430-1/
- https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
- https://github.com/python-pillow/Pillow/pull/4538
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
- https://github.com/advisories/GHSA-43fq-w8qq-v88h
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
- https://osv.dev/vulnerability/PYSEC-2020-80
What are Similar Vulnerabilities to CVE-2020-11538?
Similar Vulnerabilities: CVE-2021-25291, CVE-2022-22816, CVE-2021-27923, CVE-2022-22817, CVE-2022-22815
