- pillow
- imagecms
- heap
- exploitarium
news
Pillow 12.3.0 ImageCmsTransform output_mode OOB Write
Mutating transform.output_mode after RGB→RGBA build allocates L image while LittleCMS copies 4-byte stride — heap OOB write in _imagingcms.
Summary
Pillow 12.3.0 stores mutable input_mode and output_mode on the Python ImageCmsTransform wrapper while the underlying LittleCMS C transform retains the original RGB→RGBA layout. Changing transform.output_mode to L before ImageCms.applyTransform() allocates a 4096-byte output buffer but pyCMScopyAux() still writes auxiliary channels at 4 bytes per pixel — a heap buffer overflow confirmed under AddressSanitizer. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.
Key Findings
| Finding | Detail |
|---|---|
| Product / target | Pillow 12.3.0 with LittleCMS2 (_imagingcms) |
| Primitive | Python wrapper mode mutation diverges from C transform output format |
| Impact | Heap out-of-bounds write from ordinary ImageCms.applyTransform() API calls; process abort on glibc heap check. |
Attack Chain
buildTransform RGB→RGBA → mutate output_mode to L → applyTransform → pyCMScopyAux writes 3 bytes past 4096-byte allocation
Mitigation
Validate destination image size against cmsGetTransformOutputFormat() in C; make wrapper mode metadata immutable; do not rely on mutable Python attributes for native bounds checks.