9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-10571

GHSA ID

GHSA-22jr-vc7j-g762

EPSS Score

0.61007%

CWE

CWE-754

Published

3/16/2020

Updated

10/21/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-10571

CVE-2020-10571:
Potential buffer overflow in psd-tools

Impact

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malformed PSD input data during decoding to the PIL.Image or NumPy format, leading to a Buffer Overflow.

Patches

Users of psd-tools version v1.8.37 to v1.9.3 should upgrade to v1.9.4.

Workarounds

Without Cython present on installation, buffer overflow does not occur but IndexError will be thrown. However, already installed psd-tools with Cython extention should be upgraded.

References

https://github.com/psd-tools/psd-tools/pull/198

For more information

If you have any questions or comments about this advisory:

Open an issue in psd-tools

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-10571

GHSA ID

GHSA-22jr-vc7j-g762

EPSS Score

0.61007%

CWE

CWE-754

Published

3/16/2020

Updated

10/21/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
psd-tools	pip	>= 1.8.37, < 1.9.3	1.9.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability stems from the RLE decoding functions in both Cython (_rle.pyx) and Python (rle.py) implementations. The pre-patch code in _rle.decode performed unsafe memory operations without validating:

Whether the source data buffer had sufficient bytes for the claimed RLE header length
Whether the destination buffer had enough space for the decoded output This allowed attackers to craft PSD files that overread/overwrite memory. The Python version (rle.decode) had similar logic but in pure Python, which would throw IndexError instead of buffer overflow when Cython wasn't installed. The commit diff shows critical guard clauses were added to both implementations to validate buffer boundaries.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t *n issu* w*s *is*ov*r** in ps*-tools ***or* *.*.*. T** *yt*on impl*m*nt*tion o* RL* ***o*in* *i* not ****k *or m*l*orm** PS* input **t* *urin* ***o*in* to t** PIL.Im*** or NumPy *orm*t, l***in* to * *u***r Ov*r*low. ### P*t***s Us*rs o* p

Reasoning

T** *or* vuln*r**ility st*ms *rom t** RL* ***o*in* *un*tions in *ot* *yt*on (_rl*.pyx) *n* Pyt*on (rl*.py) impl*m*nt*tions. T** pr*-p*t** *o** in _rl*.***o** p*r*orm** uns*** m*mory op*r*tions wit*out v*li**tin*: *. W**t**r t** sour** **t* *u***r ***

9.8

Basic Information

Concerned about an active attack path?

CVE-2020-10571: Potential buffer overflow in psd-tools

Impact

Patches

Workarounds

References

For more information

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-10571:
Potential buffer overflow in psd-tools

Vulnerability Intelligence
Miggo AI