CVE-2026-59205
Python 취약성 분석 및 완화

개요

CVE-2026-59205 is a controlled heap out-of-bounds write vulnerability in Pillow's ImageCms.ImageCmsTransform.apply() API, affecting all versions prior to 12.3.0. The flaw allows an attacker to trigger native heap corruption by supplying an output image whose color mode does not match the transform's declared output mode (e.g., passing an L-mode image to an RGBA→RGBA transform). It was disclosed on July 7, 2026 via a GitHub Security Advisory and assigned CVE on July 14, 2026. The vulnerability carries a CVSS v3.1 base score of 7.5 (High) (GitHub Advisory).

기술적 세부 사항

The root cause is an out-of-bounds write (CWE-787) in Pillow's ImageCms.py and its underlying C extension _imagingcms.c. When ImageCmsTransform.apply(im, imOut) is called with a caller-supplied imOut, Pillow validates only that the output image dimensions are at least as large as the input — it does not verify that imOut.mode matches the transform's declared output mode. The C wrapper pyCMSdoTransform() then passes the mismatched output row pointer directly to LittleCMS's cmsDoTransform(), which writes data sized for the transform's declared mode (e.g., 4 bytes/pixel for RGBA) into a buffer allocated for the actual image mode (e.g., 1 byte/pixel for L). For a width-4096 image, this results in approximately 12,288 bytes written past the end of each row buffer. The vulnerability is exploitable over the network without authentication or user interaction in applications that accept untrusted image processing parameters (GitHub Advisory, Patch PR).

영향

Successful exploitation causes controlled native heap corruption, which at minimum results in application crash and denial of service. The advisory demonstrates that attacker-controlled source pixel bytes are written out-of-bounds, with gdb analysis showing the faulting pointer value directly reflecting the pixel pattern (e.g., 0x4443424144434241 from pixels ABCDABCD), indicating potential for memory corruption primitives beyond simple DoS. Applications are at risk if untrusted users can influence the imOut argument passed to ImageCmsTransform.apply() or control ICC color transform parameters. There is no confidentiality or integrity impact assessed in the current CVSS scoring, but the controlled nature of the write leaves open the possibility of further exploitation in specific runtime environments (GitHub Advisory).

착취 단계

  1. Identify a vulnerable target: Locate an application using Pillow < 12.3.0 that exposes image processing functionality accepting user-controlled parameters, particularly ICC color profile transforms via ImageCms.
  2. Craft a mismatched output image: Create an input image in a multi-byte-per-pixel mode (e.g., RGBA) and an output image in a single-byte-per-pixel mode (e.g., L) with matching dimensions.
  3. Build a color transform: Use ImageCms.buildTransform() to create a transform matching the input image's mode (e.g., RGBA→RGBA).
  4. Trigger the vulnerable API: Call transform.apply(im, out) where out is the mismatched-mode image. Pillow skips mode validation and passes the undersized output buffer to LittleCMS.
  5. Heap corruption occurs: LittleCMS writes 4 bytes/pixel into a 1 byte/pixel buffer, overflowing each row by 3 * width bytes. At width=8, heap metadata is corrupted; at width=4096, ~12,288 bytes are written past each row, causing a crash or potential further memory corruption.
from PIL import Image, ImageCms
srgb = ImageCms.createProfile("sRGB")
transform = ImageCms.buildTransform(srgb, srgb, "RGBA", "RGBA")
im = Image.new("RGBA", (8, 1), (0x41, 0x42, 0x43, 0x44))
out = Image.new("L", (8, 1), 0)
transform.apply(im, out)  # triggers heap corruption

(GitHub Advisory)

타협의 징후

  • Logs: Application crash logs or Python tracebacks referencing ImageCms.py apply() or _imagingcms with free(): invalid next size, Aborted (core dumped), or SIGSEGV signals from the Python process.
  • Process: Unexpected termination (segfault or abort) of Python processes running image processing workloads; core dump files generated by the Python interpreter in the working directory.
  • File System: Core dump files (e.g., core, core.<pid>) in the application working directory following crashes in Pillow-based services.
  • Network: Unusual or repeated requests to image processing endpoints with ICC profile transform parameters, particularly from automated or scripted sources (GitHub Advisory).

완화 및 해결 방법

Upgrade Pillow to version 12.3.0 or later, which adds explicit mode validation in ImageCmsTransform.apply() — raising a ValueError if im.mode != self.input_mode or imOut.mode != self.output_mode before any native code is invoked (Pillow Release, Patch Commit). As a short-term workaround for applications that cannot immediately upgrade, add input validation to ensure the output image's color mode matches the transform's declared output mode before calling ImageCmsTransform.apply(). Applications that do not expose ImageCms transform functionality to untrusted user input are at significantly reduced risk.

추가 자료


근원이 보고서는 AI를 사용하여 생성되었습니다.

관련 Python 취약점:

CVE ID

심각도

점수

기술

구성 요소 이름

CISA KEV 익스플로잇

수정 사항이 있습니다.

게시된 날짜

GHSA-r3hx-x5rh-p9vvHIGH8.7
  • Python logoPython
  • django-haystack
아니요Jul 15, 2026
CVE-2026-54457HIGH7.7
  • Python logoPython
  • tensorzero
아니요Jul 15, 2026
CVE-2026-50271HIGH7.5
  • Python logoPython
  • ddtrace
아니요Jul 15, 2026
CVE-2026-54254MEDIUM6.9
  • Python logoPython
  • cyberdrop-dl-patched
아니요Jul 15, 2026
CVE-2026-53656MEDIUM6.3
  • Python logoPython
  • fiftyone
아니요Jul 15, 2026

무료 취약성 평가

클라우드 보안 태세를 벤치마킹합니다

9개의 보안 도메인에서 클라우드 보안 관행을 평가하여 위험 수준을 벤치마킹하고 방어의 허점을 식별합니다.

평가 요청

추가 Wiz 리소스

맞춤형 데모 받기

맞춤형 데모 신청하기

"내가 본 최고의 사용자 경험은 클라우드 워크로드에 대한 완전한 가시성을 제공합니다."
데이비드 에슬릭최고정보책임자(CISO)
"Wiz는 클라우드 환경에서 무슨 일이 일어나고 있는지 볼 수 있는 단일 창을 제공합니다."
아담 플레처최고 보안 책임자(CSO)
"우리는 Wiz가 무언가를 중요한 것으로 식별하면 실제로 중요하다는 것을 알고 있습니다."
그렉 포니아토프스키위협 및 취약성 관리 책임자