Skip to content

Limit SAMPLESPERPIXEL to avoid runtime DOS#6700

Merged
hugovk merged 5 commits intopython-pillow:mainfrom
hugovk:security-samples_per_pixel-sec
Oct 29, 2022
Merged

Limit SAMPLESPERPIXEL to avoid runtime DOS#6700
hugovk merged 5 commits intopython-pillow:mainfrom
hugovk:security-samples_per_pixel-sec

Conversation

@hugovk
Copy link
Copy Markdown
Member

@hugovk hugovk commented Oct 29, 2022

A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DOS in TiffImagePlugin.py when setting up the context for image decoding.

This was introduced in Pillow 9.2.0, found with OSS-Fuzz and fixed by limiting SAMPLESPERPIXEL to the number of planes that we can decode.

wiredfool and others added 5 commits October 29, 2022 12:06
@wiredfool @hugovk
Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD
13f2c5a 
A large value in the SAMPLESPERPIXEL tag could lead to a memory and
runtime DOS in TiffImagePlugin.py when setting up the context for
image decoding.
@wiredfool @hugovk
Tighter test case
05b175e
@hugovk @radarhere
Hide UserWarning in logs
00b25fd 
Tests/test_file_tiff.py::TestFileTiff::test_oom[Tests/images/oom-225817ca0f8c663be7ab4b9e717b02c661e66834.tif]
  PIL/TiffImagePlugin.py:850: UserWarning: Corrupt EXIF data.  Expecting to read 12 bytes but only got 6. 
    warnings.warn(str(msg))

Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
@hugovk
Fix linting
799a6a0
@hugovk
Add to release notes
0846bfa
@hugovk hugovk added this to the 9.3.0 milestone Oct 29, 2022
@radarhere radarhere added the TIFF label Oct 29, 2022
@hugovk hugovk merged commit 2444cdd into python-pillow:main Oct 29, 2022
@hugovk hugovk deleted the security-samples_per_pixel-sec branch October 29, 2022 10:16
@Lucas-C Lucas-C mentioned this pull request Dec 15, 2022
Closed
@Dawars Dawars mentioned this pull request Mar 14, 2023
Closed
@rickprice rickprice mentioned this pull request Apr 22, 2023
Merged
@G-Rath G-Rath mentioned this pull request May 17, 2023
Closed
@sync-by-unito sync-by-unito bot mentioned this pull request Aug 28, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

TIFF

Projects

None yet

Milestone

9.3.0

Development

Successfully merging this pull request may close these issues.

3 participants

@hugovk @radarhere @wiredfool