Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps
Vulnerability Description
psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raises ValueError which propagated all the way to the user, crashing psd.composite() and psd-tools export. decompress() already had a fallback that replaces failed channels with black pixels when result is None, but it never triggered because the ValueError from decode_rle() was not caught. The fix in version 1.12.2 wraps the decode_rle() call in a try/except so the existing fallback handles the error gracefully.
CVSS Information
N/A
Vulnerability Type
对高度压缩数据的处理不恰当(数据放大攻击)
Vulnerability Title
psd-tools 安全漏洞
Vulnerability Description
psd-tools是psd-tools开源的一款用于读取Adobe Photoshop PSD文件的Python包。 psd-tools 1.12.2之前版本存在安全漏洞,该漏洞源于处理包含格式错误的RLE压缩图像数据的PSD文件时,decode_rle()引发的ValueError未捕获,可能导致崩溃。
CVSS Information
N/A
Vulnerability Type
N/A