CVE-2026-59204:
Homebrew 취약성 분석 및 완화
개요
CVE-2026-59204 is a denial-of-service vulnerability in Pillow, the Python imaging library, caused by improper accumulation of total_component_width across JPEG2000 tiles during decoding. Affecting versions 8.2.0 through 12.2.0, a crafted tiled JPEG2000 file can force substantially higher transient memory usage and trigger out-of-memory failures. The vulnerability was reported by researcher "Brubbish," disclosed via GitHub Security Advisory GHSA-vjc4-5qp5-m44j on July 7, 2026, and fixed in Pillow 12.3.0. It carries a CVSS v3.1 base score of 7.5 (High) and a CVSS v4.0 base score of 8.7 (High) (GitHub Advisory).
기술적 세부 사항
The root cause lies in src/libImaging/Jpeg2KDecode.c, where total_component_width is initialized once before the tile-processing loop and never reset between iterations (CWE-770: Allocation of Resources Without Limits or Throttling; CWE-789: Memory Allocation with Excessive Size Value). As each tile is decoded, total_component_width accumulates the component widths of all prior tiles, causing tile_bytes to grow unboundedly and state->buffer to be expanded via realloc to roughly the full decompressed image size — even when individual tiles are small. The fix, merged in PR #9704, moves the int total_component_width = 0; declaration inside the tile loop so it is recomputed per tile (GitHub PR, Patch Commit). Any code path that calls Image.open(...).load() on an attacker-controlled JPEG2000 file reaches this vulnerable code without authentication or special privileges.
영향
Successful exploitation causes denial of service through memory exhaustion during JPEG2000 image decoding. An unauthenticated remote attacker can submit a specially crafted tiled JPEG2000 file to any service that processes images with Pillow, causing the process to consume excessive memory and crash with an out-of-memory error. There is no evidence of confidentiality or integrity impact; the supported impact is availability loss only (GitHub Advisory).
착취 단계
- Craft the malicious JPEG2000 file: Using the publicly available PoC helper script, generate a tiled JPEG2000 image with many tiles:
python exercise_j2k_tile_realloc.py make poc_3664_rgba_tile1832.jp2 --size 3664 --tile 1832. This creates a 3664×3664 RGBA image with 2×2 tiles (1832×1832 each). - Deliver the file to the target: Upload or submit the crafted
.jp2file to any web application, API endpoint, or service that uses Pillow to process user-supplied images (e.g., image upload, thumbnail generation, format conversion). - Trigger decoding: The target application calls
Image.open('poc_3664_rgba_tile1832.jp2').load(), which invokes the vulnerable JPEG2000 decoder insrc/libImaging/Jpeg2KDecode.c. - Memory exhaustion: As each tile is decoded,
total_component_widthaccumulates without reset, causingtile_bytesand the internalstate->bufferto grow to the full decompressed image size. On a system with limited memory, this triggers an out-of-memory failure and crashes the Pillow process. - Confirm denial of service: Optionally verify under a memory cap:
python exercise_j2k_tile_realloc.py load poc_3664_rgba_tile1832.jp2 --limit-mb 160— the process will fail with an OOM error on vulnerable builds (GitHub Advisory).
타협의 징후
- Logs: Application or system logs showing out-of-memory (OOM) errors or process crashes coinciding with JPEG2000 image processing; Python tracebacks referencing
Jpeg2KDecode.cor Pillow's JPEG2000 decoder. - File System: Presence of unexpected
.jp2files in upload directories, temporary folders, or processing queues, particularly files with many tiles and large dimensions relative to tile size. - Process: Sudden spike in memory consumption by the Python/Pillow process immediately before a crash; repeated process restarts of image-processing workers or web application workers.
- Network: Repeated uploads of
.jp2files from the same source IP, especially if the files are structurally similar (same dimensions/tile configuration) and consistently cause service disruption.
완화 및 해결 방법
The primary remediation is to upgrade Pillow to version 12.3.0 or later, which resets total_component_width per tile in the JPEG2000 decoder (Pillow Release). If immediate patching is not feasible, implement input validation to reject or restrict processing of JPEG2000 (.jp2) files from untrusted sources, or enforce memory limits on image-processing workers to contain the impact of an OOM event. Monitoring and auto-restarting image-processing services can reduce availability impact until patching is complete.
추가 자료
근원: 이 보고서는 AI를 사용하여 생성되었습니다.
관련 Homebrew 취약점:
무료 취약성 평가
클라우드 보안 태세를 벤치마킹합니다
9개의 보안 도메인에서 클라우드 보안 관행을 평가하여 위험 수준을 벤치마킹하고 방어의 허점을 식별합니다.
추가 Wiz 리소스
맞춤형 데모 받기
맞춤형 데모 신청하기
"내가 본 최고의 사용자 경험은 클라우드 워크로드에 대한 완전한 가시성을 제공합니다."
"Wiz는 클라우드 환경에서 무슨 일이 일어나고 있는지 볼 수 있는 단일 창을 제공합니다."
"우리는 Wiz가 무언가를 중요한 것으로 식별하면 실제로 중요하다는 것을 알고 있습니다."