5 matches found
CVE-2026-59205 Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.applyim, imOut API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0...
PT-2026-58092
Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The ImageCms.ImageCmsTransform.applyim, imOut API can trigger controlled native heap corruption. This occurs when the caller provides an output image whose mode is inconsistent with the transform's...
PT-2025-18894 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been identified where the disk scan partitions function is called with 'FMODE EXCL', but blkdev get by dev is called without 'FMODE EXCL'. As a result,...
Windows Exploitation Tricks: Spoofing Named Pipe Client PID
Posted by James Forshaw, Project Zero While researching the Access Mode Mismatch in IO Manager bug class I came across an interesting feature in named pipes which allows a server to query the connected clients PID. This feature was introduced in Vista and is exposed to servers through the...
Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager
Posted by James Forshaw, Project Zero This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and what I did to try to get it fixed with our partners at Microsoft. The maximum impact of the bug class is local privilege escalation if kernel and driver developers...