
PEACH
Un framework di isolamento del tenant
CVE-2026-59204 is a denial-of-service vulnerability in Pillow, the Python imaging library, caused by improper accumulation of total_component_width across JPEG2000 tiles during decoding. Affecting versions 8.2.0 through 12.2.0, a crafted tiled JPEG2000 file can force substantially higher transient memory usage and trigger out-of-memory failures. The vulnerability was reported by researcher "Brubbish," disclosed via GitHub Security Advisory GHSA-vjc4-5qp5-m44j on July 7, 2026, and fixed in Pillow 12.3.0. It carries a CVSS v3.1 base score of 7.5 (High) and a CVSS v4.0 base score of 8.7 (High) (GitHub Advisory).
The root cause lies in src/libImaging/Jpeg2KDecode.c, where total_component_width is initialized once before the tile-processing loop and never reset between iterations (CWE-770: Allocation of Resources Without Limits or Throttling; CWE-789: Memory Allocation with Excessive Size Value). As each tile is decoded, total_component_width accumulates the component widths of all prior tiles, causing tile_bytes to grow unboundedly and state->buffer to be expanded via realloc to roughly the full decompressed image size — even when individual tiles are small. The fix, merged in PR #9704, moves the int total_component_width = 0; declaration inside the tile loop so it is recomputed per tile (GitHub PR, Patch Commit). Any code path that calls Image.open(...).load() on an attacker-controlled JPEG2000 file reaches this vulnerable code without authentication or special privileges.
Successful exploitation causes denial of service through memory exhaustion during JPEG2000 image decoding. An unauthenticated remote attacker can submit a specially crafted tiled JPEG2000 file to any service that processes images with Pillow, causing the process to consume excessive memory and crash with an out-of-memory error. There is no evidence of confidentiality or integrity impact; the supported impact is availability loss only (GitHub Advisory).
python exercise_j2k_tile_realloc.py make poc_3664_rgba_tile1832.jp2 --size 3664 --tile 1832. This creates a 3664×3664 RGBA image with 2×2 tiles (1832×1832 each)..jp2 file to any web application, API endpoint, or service that uses Pillow to process user-supplied images (e.g., image upload, thumbnail generation, format conversion).Image.open('poc_3664_rgba_tile1832.jp2').load(), which invokes the vulnerable JPEG2000 decoder in src/libImaging/Jpeg2KDecode.c.total_component_width accumulates without reset, causing tile_bytes and the internal state->buffer to grow to the full decompressed image size. On a system with limited memory, this triggers an out-of-memory failure and crashes the Pillow process.python exercise_j2k_tile_realloc.py load poc_3664_rgba_tile1832.jp2 --limit-mb 160 — the process will fail with an OOM error on vulnerable builds (GitHub Advisory).Jpeg2KDecode.c or Pillow's JPEG2000 decoder..jp2 files in upload directories, temporary folders, or processing queues, particularly files with many tiles and large dimensions relative to tile size..jp2 files from the same source IP, especially if the files are structurally similar (same dimensions/tile configuration) and consistently cause service disruption.The primary remediation is to upgrade Pillow to version 12.3.0 or later, which resets total_component_width per tile in the JPEG2000 decoder (Pillow Release). If immediate patching is not feasible, implement input validation to reject or restrict processing of JPEG2000 (.jp2) files from untrusted sources, or enforce memory limits on image-processing workers to contain the impact of an OOM event. Monitoring and auto-restarting image-processing services can reduce availability impact until patching is complete.
Fonte: Questo report è stato generato utilizzando l'intelligenza artificiale
Valutazione gratuita delle vulnerabilità
Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.
Richiedi una demo personalizzata
"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."