CVE-2020-35653

7.1 HIGH

📋 TL;DR

This vulnerability in Pillow's PCX file decoder allows attackers to read beyond allocated memory buffers when processing malicious PCX files. It affects applications using Pillow to handle PCX images, potentially leading to information disclosure or crashes. Any system using vulnerable Pillow versions for image processing is at risk.

💻 Affected Systems

Products:
  • Pillow (Python Imaging Library fork)
Versions: All versions before 8.1.0
Operating Systems: All operating systems running Python with Pillow
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems that process PCX files through Pillow's PcxDecode functionality

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution through memory corruption leading to complete system compromise

🟠 Likely Case: Application crash (denial of service) or information disclosure from memory

🟢 If Mitigated: Application crash with no data loss if proper sandboxing exists

🌐 Internet-Facing: MEDIUM - Requires user to upload malicious PCX files, but many web applications accept image uploads
🏢 Internal Only: LOW - Requires internal users to process malicious files, less common attack vector

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious PCX file with manipulated stride values

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1.0 and later

Vendor Advisory: https://pillow.readthedocs.io/en/stable/releasenotes/index.html

Restart Required: No

Instructions:

1. Update Pillow using pip: 'pip install --upgrade "pillow>=8.1.0"' (the quotes stop the shell from treating '>' as an output redirection)
2. Verify installation: 'pip show pillow'
3. Test PCX file processing functionality

🔧 Temporary Workarounds

Disable PCX file processing (Applies to: all)

Configure the application to reject or not process PCX files.

# Application-specific configuration required

Input validation for image files (Applies to: all)

Implement strict validation of uploaded image files before processing.

# Implement file type validation in application code

🧯 If You Can't Patch

  • Implement strict file upload restrictions to block PCX files
  • Run vulnerable applications in sandboxed/containerized environments with limited permissions

🔍 How to Verify

Check if Vulnerable:

Check Pillow version: 'python -c "import PIL; print(PIL.__version__)"' or 'pip show pillow'

Check Version:

python -c "import PIL; print(PIL.__version__)"

Verify Fix Applied:

Confirm version is 8.1.0 or higher using version check command
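The two checks above (rejecting PCX uploads before Pillow decodes them, and confirming the installed version is at or past 8.1.0) as one added example; this is illustrative code written for this page, not part of the advisory or of Pillow itself. The PCX header byte, the sample buffers and the function names are assumptions of the example.

```python
import re

FIXED_VERSION = (8, 1, 0)  # first Pillow release with the PcxDecode fix

# A PCX file starts with the ZSoft manufacturer byte 0x0A. Pillow picks the
# decoder from these leading bytes, not from the file extension, so a filter
# that only looks at ".pcx" names can be bypassed by renaming the file.
PCX_MANUFACTURER = b"\x0a"

def is_pcx(data: bytes) -> bool:
    """Header sniffing: treat any buffer starting with 0x0A as PCX (a superset
    of what Pillow would accept, so rejecting on it cannot miss a PCX)."""
    return data[:1] == PCX_MANUFACTURER

def screen_upload(data: bytes, allow_pcx: bool = False) -> bytes:
    """Gate to call before Image.open(): refuse PCX content unless allowed."""
    if is_pcx(data) and not allow_pcx:
        raise ValueError("PCX images are not accepted (CVE-2020-35653 workaround)")
    return data

def parse_version(version: str) -> tuple:
    """Turn '8.1.0', '8.1', '8.1.0.post1' or '7.2.0.dev0' into a comparable tuple."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) if p is not None else 0 for p in match.groups())

def pillow_is_vulnerable(version: str) -> bool:
    """True when the given Pillow version predates the 8.1.0 fix."""
    return parse_version(version) < FIXED_VERSION

# Constructed sample inputs: a PCX header (manufacturer 0x0A, version 5,
# RLE encoding, 8 bits per pixel, zero-padded) and the PNG signature.
SAMPLE_PCX = bytes([0x0A, 0x05, 0x01, 0x08]) + b"\x00" * 124
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in (("renamed.png", SAMPLE_PCX), ("real.png", SAMPLE_PNG)):
        try:
            screen_upload(blob)
            print(f"{name}: accepted")
        except ValueError as err:
            print(f"{name}: rejected ({err})")
    try:
        import PIL  # only to report the installed version, if any
        state = "vulnerable" if pillow_is_vulnerable(PIL.__version__) else "fixed"
        print(f"installed Pillow {PIL.__version__}: {state}")
    except ImportError:
        print("Pillow is not installed")
```

Content sniffing is the part that matters: the "renamed.png" sample is still rejected because the decision is made on the bytes Pillow would actually dispatch on.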

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing image files
  • Memory access violation errors in logs
  • Unusual PCX file uploads

Network Indicators:

  • Multiple PCX file upload attempts
  • Unusual file upload patterns to image processing endpoints

SIEM Query:

source=application_logs ("PIL" OR "Pillow") AND ("crash" OR "segmentation fault" OR "memory error") AND "PCX"
