Pillow PDF Parsing Trailer Infinite Loop Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Pillow Python imaging library, affecting versions from 4.2.0 up to, but not including, 12.2.0. The issue arises when the PdfParser component processes a malicious PDF file. The parser follows Prev pointers in PDF trailers to read earlier cross-reference sections; if a trailer's Prev pointer forms a loop by referencing an offset that has already been processed, the parser enters an infinite loop. This loop leaves the application unresponsive and consuming 100% CPU. The vulnerability has been patched in Pillow version 12.2.0.

Impact

Exploitation of this vulnerability leads to an infinite loop in the PDF parser, causing the application to hang indefinitely, consume 100% CPU, and become unresponsive.

Reproduction

The vulnerability can be reproduced by using a Pillow version from 4.2.0 up to, but not including, 12.2.0 and supplying a PDF file whose trailers form a loop. Such a file has Prev pointers in its trailers that reference offsets already processed, either pointing back to themselves or forming a cycle, which the PdfParser follows indefinitely.
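The check that prevents this class of hang is to record every trailer offset already processed and stop when a Prev pointer revisits one. The walker below is an added illustration, not Pillow's PdfParser code; it runs over a constructed, simplified trailer chain (the names section, build_sample, read_prev, walk_trailers and has_trailer_loop are hypothetical), returning the offsets visited for a well-formed chain and raising instead of looping for a self-reference or a cycle.

```python
import re
TRAILER_RE = re.compile(rb"trailer\s*<<(.*?)>>", re.DOTALL)  # simplified trailer syntax
PREV_RE = re.compile(rb"/Prev\s+(\d+)")
HEADER = b"%PDF-1.4\n"


class TrailerLoopError(ValueError):
    """A /Prev pointer led back to a trailer that was already processed."""


def section(prev):
    # One minimal xref/trailer section; a fixed-width /Prev keeps its length constant.
    entry = b"" if prev is None else b" /Prev %010d" % prev
    return b"xref\n0 1\n0000000000 65535 f \ntrailer\n<< /Size 1" + entry + b" >>\n"


def build_sample(prev_index):
    """Constructed sample (not a complete PDF): prev_index[i] is the index of the
    section that section i's /Prev points at, or None. Returns (data, offsets)."""
    offsets, pos = [], len(HEADER)
    for p in prev_index:
        offsets.append(pos)
        pos += len(section(None if p is None else 0))
    body = b"".join(section(None if p is None else offsets[p]) for p in prev_index)
    return HEADER + body, offsets


def read_prev(data, offset):
    """Return the /Prev value of the trailer at or after `offset`, or None if absent."""
    m = TRAILER_RE.search(data, offset)
    if m is None:
        raise ValueError(f"no trailer at offset {offset}")
    p = PREV_RE.search(m.group(1))
    return int(p.group(1)) if p else None


def walk_trailers(data, start):
    """Follow /Prev from `start` toward the oldest section and return the offsets seen.
    An offset that was already processed raises instead of looping forever."""
    seen, order, offset = set(), [], start
    while offset is not None:
        if offset in seen:
            raise TrailerLoopError(f"trailer at offset {offset} already processed")
        seen.add(offset)
        order.append(offset)
        offset = read_prev(data, offset)
    return order


def has_trailer_loop(data, start):  # True if the /Prev chain from `start` revisits a trailer
    try:
        walk_trailers(data, start)
    except TrailerLoopError:
        return True
    return False
```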

Remediation

Users can upgrade to Pillow version 12.2.0 or later to address this vulnerability.

Added: May 9, 2026, 6:19 AM
Updated: May 9, 2026, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.