CVE-2026-59204
Homebrew Analisi e mitigazione delle vulnerabilità

Panoramica

CVE-2026-59204 is a denial-of-service vulnerability in Pillow, the Python imaging library, caused by improper accumulation of total_component_width across JPEG2000 tiles during decoding. Affecting versions 8.2.0 through 12.2.0, a crafted tiled JPEG2000 file can force substantially higher transient memory usage and trigger out-of-memory failures. The vulnerability was reported by researcher "Brubbish," disclosed via GitHub Security Advisory GHSA-vjc4-5qp5-m44j on July 7, 2026, and fixed in Pillow 12.3.0. It carries a CVSS v3.1 base score of 7.5 (High) and a CVSS v4.0 base score of 8.7 (High) (GitHub Advisory).

Dettagli tecnici

The root cause lies in src/libImaging/Jpeg2KDecode.c, where total_component_width is initialized once before the tile-processing loop and never reset between iterations (CWE-770: Allocation of Resources Without Limits or Throttling; CWE-789: Memory Allocation with Excessive Size Value). As each tile is decoded, total_component_width accumulates the component widths of all prior tiles, causing tile_bytes to grow unboundedly and state->buffer to be expanded via realloc to roughly the full decompressed image size — even when individual tiles are small. The fix, merged in PR #9704, moves the int total_component_width = 0; declaration inside the tile loop so it is recomputed per tile (GitHub PR, Patch Commit). Any code path that calls Image.open(...).load() on an attacker-controlled JPEG2000 file reaches this vulnerable code without authentication or special privileges.

Impatto

Successful exploitation causes denial of service through memory exhaustion during JPEG2000 image decoding. An unauthenticated remote attacker can submit a specially crafted tiled JPEG2000 file to any service that processes images with Pillow, causing the process to consume excessive memory and crash with an out-of-memory error. There is no evidence of confidentiality or integrity impact; the supported impact is availability loss only (GitHub Advisory).

Passaggi di sfruttamento

  1. Craft the malicious JPEG2000 file: Using the publicly available PoC helper script, generate a tiled JPEG2000 image with many tiles: python exercise_j2k_tile_realloc.py make poc_3664_rgba_tile1832.jp2 --size 3664 --tile 1832. This creates a 3664×3664 RGBA image with 2×2 tiles (1832×1832 each).
  2. Deliver the file to the target: Upload or submit the crafted .jp2 file to any web application, API endpoint, or service that uses Pillow to process user-supplied images (e.g., image upload, thumbnail generation, format conversion).
  3. Trigger decoding: The target application calls Image.open('poc_3664_rgba_tile1832.jp2').load(), which invokes the vulnerable JPEG2000 decoder in src/libImaging/Jpeg2KDecode.c.
  4. Memory exhaustion: As each tile is decoded, total_component_width accumulates without reset, causing tile_bytes and the internal state->buffer to grow to the full decompressed image size. On a system with limited memory, this triggers an out-of-memory failure and crashes the Pillow process.
  5. Confirm denial of service: Optionally verify under a memory cap: python exercise_j2k_tile_realloc.py load poc_3664_rgba_tile1832.jp2 --limit-mb 160 — the process will fail with an OOM error on vulnerable builds (GitHub Advisory).

Indicatori di compromesso

  • Logs: Application or system logs showing out-of-memory (OOM) errors or process crashes coinciding with JPEG2000 image processing; Python tracebacks referencing Jpeg2KDecode.c or Pillow's JPEG2000 decoder.
  • File System: Presence of unexpected .jp2 files in upload directories, temporary folders, or processing queues, particularly files with many tiles and large dimensions relative to tile size.
  • Process: Sudden spike in memory consumption by the Python/Pillow process immediately before a crash; repeated process restarts of image-processing workers or web application workers.
  • Network: Repeated uploads of .jp2 files from the same source IP, especially if the files are structurally similar (same dimensions/tile configuration) and consistently cause service disruption.

Mitigazione e soluzioni alternative

The primary remediation is to upgrade Pillow to version 12.3.0 or later, which resets total_component_width per tile in the JPEG2000 decoder (Pillow Release). If immediate patching is not feasible, implement input validation to reject or restrict processing of JPEG2000 (.jp2) files from untrusted sources, or enforce memory limits on image-processing workers to contain the impact of an OOM event. Monitoring and auto-restarting image-processing services can reduce availability impact until patching is complete.

Risorse aggiuntive


FonteQuesto report è stato generato utilizzando l'intelligenza artificiale

Imparentato Homebrew Vulnerabilità:

CVE ID

Severità

Punteggio

Tecnologie

Nome del componente

Exploit CISA KEV

Ha la correzione

Data di pubblicazione

CVE-2026-59204HIGH8.7
  • Homebrew logoHomebrew
  • pillow
NoJul 14, 2026
CVE-2026-59205HIGH7.5
  • Python logoPython
  • python-pillow
NoJul 14, 2026
CVE-2026-59203HIGH7.5
  • Python logoPython
  • pillow
NoJul 14, 2026
CVE-2026-59199HIGH7.5
  • Python logoPython
  • pillow
NoJul 14, 2026
CVE-2026-59198HIGH7.5
  • Homebrew logoHomebrew
  • pillow
NoJul 14, 2026

Valutazione gratuita delle vulnerabilità

Benchmark della tua posizione di sicurezza del cloud

Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.

Richiedi valutazione

Richiedi una demo personalizzata

Pronti a vedere Wiz in azione?

"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
David EstlickCISO (CISO)
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
Adam FletcherResponsabile della sicurezza
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."
Greg PoniatowskiResponsabile della gestione delle minacce e delle vulnerabilità