
Add decompression size limit to FITS gzip decoder #9475

Closed
myagmartseren wants to merge 1 commit into python-pillow:main from myagmartseren:fix/fits-gzip-decompression-bomb

Conversation

@myagmartseren myagmartseren commented Mar 19, 2026

Decompression Bomb in FITS Gzip Decoder (DoS)

Summary

FitsGzipDecoder.decode() calls gzip.decompress(self.fd.read()) with no size limit. A crafted FITS file containing a gzip bomb (~100 KB) can decompress to gigabytes, causing OOM / denial of service.

Affected Code

src/PIL/FitsImagePlugin.py, line 131:

value = gzip.decompress(self.fd.read())  # No size limit!

Impact

  • A 135 KB FITS file can force allocation of 64+ MB (485x amplification)
  • Larger bombs easily achieve 1000:1+ ratios (1 MB → 1 GB)
  • Unlike PNG (has MAX_TEXT_CHUNK) and general images (has _decompression_bomb_check), FITS gzip has zero protection

Fix

Add a decompression size limit based on expected image dimensions:

max_expected = self.state.xsize * self.state.ysize * 4
max_decompressed = max(max_expected * 2, 1024 * 1024)
value = gzip.decompress(self.fd.read())
if len(value) > max_decompressed:
    raise ValueError(...)

Classification

  • CWE-409 (Improper Handling of Highly Compressed Data)
  • CVSS 3.1: 7.5 (High) — AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

gzip.decompress() was called without any size limit, allowing a
crafted FITS file with a gzip bomb to cause unbounded memory
allocation (OOM/DoS). Add a limit based on the expected image
dimensions, similar to MAX_TEXT_CHUNK in the PNG decoder.

Security: CWE-409 (Decompression Bomb)
@EricSoroos

Thanks, please note our security policy: https://github.com/python-pillow/Pillow/blob/main/.github/SECURITY.md

I don't think the fix does what you expect it to do, as you're checking for the length of the data after decompression.
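The two decoders below, as an added example that is not part of the PR or of Pillow's code: decode_unbounded_then_check reproduces the shape of the PR's fix (inflate everything with gzip.decompress, then compare len() to the limit), and decode_bounded is one way to enforce the same limit before the output is materialised, by inflating through zlib.decompressobj with max_length and aborting once the running total passes the bound. expected_limit reuses the PR's own formula unchanged. The gzip bomb and the legitimate payload are constructed inline; the function names, the 64 KiB chunk size and the tracemalloc measurement are this example's choices, not anything from the PR.

```python
import gzip
import tracemalloc
import zlib
from typing import Callable

# Constructed sample inputs (not taken from the PR): a legitimate payload of
# 16 KiB and a gzip bomb of zeros that inflates to 16 MiB from ~16 KiB of input.
LEGIT_PAYLOAD = bytes(range(256)) * 64
LEGIT_GZ = gzip.compress(LEGIT_PAYLOAD)
BOMB_SIZE = 16 * 1024 * 1024
BOMB_GZ = gzip.compress(b"\x00" * BOMB_SIZE)


def expected_limit(xsize: int, ysize: int) -> int:
    """The bound proposed in the PR, reused unchanged: twice the size of a
    4-byte-per-pixel image, with a 1 MiB floor."""
    return max(xsize * ysize * 4 * 2, 1024 * 1024)


def decode_unbounded_then_check(data: bytes, max_decompressed: int) -> bytes:
    """Shape of the PR's fix: the whole stream is inflated into memory first and
    only then compared against the limit, so the bomb has already been paid for."""
    value = gzip.decompress(data)
    if len(value) > max_decompressed:
        raise ValueError("decompressed data exceeds limit")
    return value


def decode_bounded(data: bytes, max_decompressed: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate through zlib.decompressobj, asking for at most `chunk` bytes per
    call, and abort as soon as the running total passes the limit. Memory use
    stays near max_decompressed + chunk whatever the stream would expand to."""
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # 16 + MAX_WBITS: gzip wrapper
    out = bytearray()
    pending = data
    while not d.eof:
        piece = d.decompress(pending, chunk)
        out += piece
        if len(out) > max_decompressed:
            raise ValueError(
                f"decompressed data exceeds limit of {max_decompressed} bytes"
            )
        pending = d.unconsumed_tail  # input zlib has not consumed yet
        if not piece and not pending and not d.eof:
            raise ValueError("truncated gzip stream")
    if d.unused_data:
        # gzip.decompress would continue into a second member; a single tile is
        # one member, so trailing bytes are treated as malformed input here.
        raise ValueError("trailing data after gzip member")
    return bytes(out)


def is_rejected(decoder: Callable[[bytes, int], bytes], data: bytes, limit: int) -> bool:
    """True if the decoder refuses the input with ValueError."""
    try:
        decoder(data, limit)
    except ValueError:
        return True
    return False


def peak_allocation(fn: Callable[[], object]) -> int:
    """Peak bytes held by Python objects while fn runs; a ValueError from fn is
    swallowed because that is the expected outcome for a bomb."""
    tracemalloc.start()
    tracemalloc.reset_peak()
    try:
        fn()
    except ValueError:
        pass
    peak = tracemalloc.get_traced_memory()[1]
    tracemalloc.stop()
    return peak


if __name__ == "__main__":
    limit = expected_limit(64, 64)  # the 1 MiB floor applies for a 64x64 image
    for name, decoder in (("unbounded-then-check", decode_unbounded_then_check),
                          ("bounded", decode_bounded)):
        print(name, "rejects bomb:", is_rejected(decoder, BOMB_GZ, limit),
              "peak bytes:", peak_allocation(lambda: decoder(BOMB_GZ, limit)))
```

Both decoders reject the bomb, but only the bounded one does so before allocating the full 16 MiB; peak_allocation makes the difference visible. The same bound can be had with less code via gzip.GzipFile(fileobj=io.BytesIO(data)).read(max_decompressed + 1) followed by a length check, since GzipFile.read(n) inflates through decompressobj with max_length internally and never returns more than n bytes.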

@aclark4life aclark4life changed the title Add decompression size limit to FITS gzip decoder (security) Add decompression size limit to FITS gzip decoder Mar 19, 2026
@aclark4life aclark4life added the 🤖-assisted AI-assisted label Mar 19, 2026
@radarhere
Member

Thanks for the thought. I agree that this doesn't fix the problem.

I'm reluctant to discuss security problems in public, but I expect that in a week or two, we will create a variation on this.

@radarhere radarhere closed this Mar 19, 2026

Labels

🤖-assisted AI-assisted
