Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700

Merged
merged 5 commits into from Oct 29, 2022

Conversation

hugovk
Copy link
Member

@hugovk hugovk commented Oct 29, 2022

A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DOS in TiffImagePlugin.py when setting up the context for image decoding.

This was introduced in Pillow 9.2.0, found with OSS-Fuzz and fixed by limiting SAMPLESPERPIXEL to the number of planes that we can decode.

wiredfool and others added 5 commits October 29, 2022 12:06
A large value in the SAMPLESPERPIXEL tag could lead to a memory and
runtime DOS in TiffImagePlugin.py when setting up the context for
image decoding.
Tests/test_file_tiff.py::TestFileTiff::test_oom[Tests/images/oom-225817ca0f8c663be7ab4b9e717b02c661e66834.tif]
  PIL/TiffImagePlugin.py:850: UserWarning: Corrupt EXIF data.  Expecting to read 12 bytes but only got 6. 
    warnings.warn(str(msg))

Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
@hugovk hugovk added this to the 9.3.0 milestone Oct 29, 2022
@radarhere radarhere added the TIFF label Oct 29, 2022
@hugovk hugovk merged commit 2444cdd into python-pillow:main Oct 29, 2022
60 checks passed
@hugovk hugovk deleted the security-samples_per_pixel-sec branch October 29, 2022 10:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants