Tencent TFace Deserialization Vulnerability Leading to Remote Code Execution
Vulnerability
A remote code execution vulnerability has been identified in Tencent TFace. This issue arises from the restore_checkpoint function, where user-supplied data is not properly validated, allowing for the deserialization of untrusted data. As a result, remote attackers can execute arbitrary code on the affected system, with the executed code running in the context of the root user. Exploitation of this vulnerability requires user interaction, as the target must visit a malicious page or open a harmful file.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running as the root user.
Reproduction
The vulnerability can be reproduced with a version of Tencent TFace prior to the patch. The exploit involves a crafted file or webpage that, when accessed by the user, triggers the deserialization of untrusted data in the restore_checkpoint function. Because the function does not properly validate the data it processes, the manipulated data is deserialized and arbitrary code executes on the system.
Remediation
Tencent has released a patch for this vulnerability. Users can update to the latest version of TFace to address this issue.
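Where checkpoints may still come from sources the application does not control, an allowlisting loader is one defense-in-depth pattern alongside the update. The following is an added example, not TFace's code or Tencent's patch; it assumes the checkpoint is a Python pickle stream (the advisory does not state the format), and the names ALLOWED_GLOBALS, AllowlistUnpickler, safe_restore and try_restore are hypothetical.

```python
import collections
import io
import pickle
import shutil

# Hypothetical allowlist: the only (module, name) globals a checkpoint may reference.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not explicitly allowlisted."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_restore(data: bytes):
    """Deserialize checkpoint bytes; raises UnpicklingError on disallowed globals."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def try_restore(data: bytes):
    """Return (state, None) on success or (None, reason) if the stream is rejected."""
    try:
        return safe_restore(data), None
    except pickle.UnpicklingError as exc:
        return None, str(exc)


# Constructed sample inputs (not taken from the advisory).
# 1) A plain state dict of primitives inside an OrderedDict.
GOOD = pickle.dumps(collections.OrderedDict(epoch=3, lr=0.1, weights=[0.5, -1.25]))
# 2) A stream that merely references a non-allowlisted callable (pickled by
#    reference, nothing is invoked); it stands in for any unexpected import.
BAD = pickle.dumps({"epoch": 3, "hook": shutil.which})

if __name__ == "__main__":
    print(try_restore(GOOD))
    print(try_restore(BAD))
```

A real checkpoint needs an allowlist entry for each type it legitimately stores. If the files are PyTorch checkpoints (an assumption), torch.load with weights_only=True applies the same restriction.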
