imgaug BackgroundAugmenter Class Insecure Deserialization Vulnerability Allowing Arbitrary Code Execution

A vulnerability allowing insecure deserialization has been identified in the imgaug library, specifically in versions through 0.4.0. The issue resides in the BackgroundAugmenter class within the multicore.py module. This vulnerability arises because the class utilizes Python's pickle module to deserialize data from a multiprocessing queue in the _augment_images_worker() method, without implementing any safety checks. An attacker who can manipulate the data sent to this queue—potentially through social engineering, malicious input scripts, or a compromised shared queue—could inject a harmful pickle payload. Once deserialized, this payload has the capability to execute arbitrary code within the worker process, leading to either remote or local code execution, depending on the deployment scenario.

Impact

Exploitation of this vulnerability allows for arbitrary code execution in the context of the affected worker process.

Reproduction

To reproduce this vulnerability, first, ensure that the imgaug library is installed and that a version prior to 0.4.0 is being used. The vulnerability can be triggered by creating a multiprocessing queue and placing a malicious pickle payload into the queue. This can be done through social engineering or by compromising a shared queue. Once the malicious payload is in the queue, it can be processed by the BackgroundAugmenter class's _augment_images_worker() method, which will deserialize the payload and execute the injected code.