Mageia Bugzilla – Attachment 8654 Details for Bug 19739: python-pillow new security issues CVE-2016-9189 and CVE-2016-9190
Possible PoC test script for CVE-2016-9189
test_map.py (text/x-python), 864 bytes, created by Len Lawrence on 2016-11-13 10:39:56 CET
```python
# https://github.com/python-pillow/Pillow/tree/master/Tests/images/l2rgb_read.bmp
from helper import PillowTestCase, unittest

from PIL import Image

class TestMap(PillowTestCase):
    def test_overflow(self):
        # There is the potential to overflow comparisons in map.c
        # if there are > SIZE_MAX bytes in the image or if
        # the file encodes an offset that makes
        # (offset + size(bytes)) > SIZE_MAX

        # Note that this image triggers the decompression bomb warning:
        max_pixels = Image.MAX_IMAGE_PIXELS
        Image.MAX_IMAGE_PIXELS = None

        # This image hits the offset test.
        im = Image.open('/home/lcl/qa/python/l2rgb_read.bmp')
        with self.assertRaises((ValueError, MemoryError)):
            im.load()

        Image.MAX_IMAGE_PIXELS = max_pixels


if __name__ == '__main__':
    unittest.main()
```
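The comments in the test script describe two wraparound conditions: an image size above SIZE_MAX bytes, and an `offset + size` that exceeds SIZE_MAX. The following C sketch is an added example, not Pillow's map.c and not part of the attachment; it contrasts a bounds check that wraps with one that cannot. The function names and the `buf_len`, `offset`, `ysize` and `stride` parameters are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Naive check (hypothetical): the multiplication and the addition are both
 * done in size_t, so either can wrap past SIZE_MAX and make an out-of-range
 * region look as if it fits inside the buffer. */
int region_fits_naive(size_t buf_len, size_t offset,
                      size_t ysize, size_t stride)
{
    size_t size = ysize * stride;      /* may wrap */
    return offset + size <= buf_len;   /* may wrap */
}

/* Hardened check (hypothetical): every comparison is arranged so that no
 * intermediate value can exceed SIZE_MAX. */
int region_fits_checked(size_t buf_len, size_t offset,
                        size_t ysize, size_t stride)
{
    if (stride != 0 && ysize > SIZE_MAX / stride)
        return 0;                      /* ysize * stride would wrap */
    size_t size = ysize * stride;
    if (offset > buf_len)
        return 0;                      /* offset already past the buffer */
    return size <= buf_len - offset;   /* subtraction cannot underflow here */
}

int main(void)
{
    /* Constructed inputs: a 1024-byte buffer and a file-supplied offset
     * close to SIZE_MAX, so offset + 32 wraps around to 16. */
    size_t buf_len = 1024, offset = SIZE_MAX - 15;
    printf("naive:   %d\n", region_fits_naive(buf_len, offset, 4, 8));
    printf("checked: %d\n", region_fits_checked(buf_len, offset, 4, 8));
    return 0;
}
```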