CVE-2026-59205:
Python 취약성 분석 및 완화
개요
CVE-2026-59205 is a controlled heap out-of-bounds write vulnerability in Pillow's ImageCms.ImageCmsTransform.apply() API, affecting all versions prior to 12.3.0. The flaw allows an attacker to trigger native heap corruption by supplying an output image whose color mode does not match the transform's declared output mode (e.g., passing an L-mode image to an RGBA→RGBA transform). It was disclosed on July 7, 2026 via a GitHub Security Advisory and assigned CVE on July 14, 2026. The vulnerability carries a CVSS v3.1 base score of 7.5 (High) (GitHub Advisory).
기술적 세부 사항
The root cause is an out-of-bounds write (CWE-787) in Pillow's ImageCms.py and its underlying C extension _imagingcms.c. When ImageCmsTransform.apply(im, imOut) is called with a caller-supplied imOut, Pillow validates only that the output image dimensions are at least as large as the input — it does not verify that imOut.mode matches the transform's declared output mode. The C wrapper pyCMSdoTransform() then passes the mismatched output row pointer directly to LittleCMS's cmsDoTransform(), which writes data sized for the transform's declared mode (e.g., 4 bytes/pixel for RGBA) into a buffer allocated for the actual image mode (e.g., 1 byte/pixel for L). For a width-4096 image, this results in approximately 12,288 bytes written past the end of each row buffer. The vulnerability is exploitable over the network without authentication or user interaction in applications that accept untrusted image processing parameters (GitHub Advisory, Patch PR).
영향
Successful exploitation causes controlled native heap corruption, which at minimum results in application crash and denial of service. The advisory demonstrates that attacker-controlled source pixel bytes are written out-of-bounds, with gdb analysis showing the faulting pointer value directly reflecting the pixel pattern (e.g., 0x4443424144434241 from pixels ABCDABCD), indicating potential for memory corruption primitives beyond simple DoS. Applications are at risk if untrusted users can influence the imOut argument passed to ImageCmsTransform.apply() or control ICC color transform parameters. There is no confidentiality or integrity impact assessed in the current CVSS scoring, but the controlled nature of the write leaves open the possibility of further exploitation in specific runtime environments (GitHub Advisory).
착취 단계
- Identify a vulnerable target: Locate an application using Pillow < 12.3.0 that exposes image processing functionality accepting user-controlled parameters, particularly ICC color profile transforms via
ImageCms. - Craft a mismatched output image: Create an input image in a multi-byte-per-pixel mode (e.g., RGBA) and an output image in a single-byte-per-pixel mode (e.g., L) with matching dimensions.
- Build a color transform: Use
ImageCms.buildTransform()to create a transform matching the input image's mode (e.g., RGBA→RGBA). - Trigger the vulnerable API: Call
transform.apply(im, out)whereoutis the mismatched-mode image. Pillow skips mode validation and passes the undersized output buffer to LittleCMS. - Heap corruption occurs: LittleCMS writes 4 bytes/pixel into a 1 byte/pixel buffer, overflowing each row by
3 * widthbytes. At width=8, heap metadata is corrupted; at width=4096, ~12,288 bytes are written past each row, causing a crash or potential further memory corruption.
from PIL import Image, ImageCms
srgb = ImageCms.createProfile("sRGB")
transform = ImageCms.buildTransform(srgb, srgb, "RGBA", "RGBA")
im = Image.new("RGBA", (8, 1), (0x41, 0x42, 0x43, 0x44))
out = Image.new("L", (8, 1), 0)
transform.apply(im, out) # triggers heap corruption타협의 징후
- Logs: Application crash logs or Python tracebacks referencing
ImageCms.pyapply()or_imagingcmswithfree(): invalid next size,Aborted (core dumped), orSIGSEGVsignals from the Python process. - Process: Unexpected termination (segfault or abort) of Python processes running image processing workloads; core dump files generated by the Python interpreter in the working directory.
- File System: Core dump files (e.g.,
core,core.<pid>) in the application working directory following crashes in Pillow-based services. - Network: Unusual or repeated requests to image processing endpoints with ICC profile transform parameters, particularly from automated or scripted sources (GitHub Advisory).
완화 및 해결 방법
Upgrade Pillow to version 12.3.0 or later, which adds explicit mode validation in ImageCmsTransform.apply() — raising a ValueError if im.mode != self.input_mode or imOut.mode != self.output_mode before any native code is invoked (Pillow Release, Patch Commit). As a short-term workaround for applications that cannot immediately upgrade, add input validation to ensure the output image's color mode matches the transform's declared output mode before calling ImageCmsTransform.apply(). Applications that do not expose ImageCms transform functionality to untrusted user input are at significantly reduced risk.
추가 자료
근원: 이 보고서는 AI를 사용하여 생성되었습니다.
관련 Python 취약점:
무료 취약성 평가
클라우드 보안 태세를 벤치마킹합니다
9개의 보안 도메인에서 클라우드 보안 관행을 평가하여 위험 수준을 벤치마킹하고 방어의 허점을 식별합니다.
추가 Wiz 리소스
맞춤형 데모 받기
맞춤형 데모 신청하기
"내가 본 최고의 사용자 경험은 클라우드 워크로드에 대한 완전한 가시성을 제공합니다."
"Wiz는 클라우드 환경에서 무슨 일이 일어나고 있는지 볼 수 있는 단일 창을 제공합니다."
"우리는 Wiz가 무언가를 중요한 것으로 식별하면 실제로 중요하다는 것을 알고 있습니다."