CVE-2024-28219
python-pillow: buffer overflow in _imagingcms.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 23
Exploited in Wild: 0
Decision: -
Descriptions
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service.
USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Pillow in Ubuntu 20.04 LTS. Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2024-03-07 CVE Reserved
- 2024-04-03 CVE Published
- 2024-08-20 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-680: Integer Overflow to Buffer Overflow
CAPEC
References (5)