Overview
CVE ID: CVE-2026-27809
Affected component: psd-tools (Python library for Adobe Photoshop PSD files)
Affected versions: Versions prior to 1.12.2
Fixed version: 1.12.2 and later
CVSS v4.0 score: 6.8
Severity: Medium (can be considered High in availability-critical environments)
Impact type: Denial of Service (application crash, potential memory exhaustion)
Attack vector: Remote (via malicious PSD file)
Privileges required: None
User interaction: Not required if files are processed automatically
Exploit maturity: Proof-of-concept feasible; no widely published weaponized exploit
Exploit availability: Educational / research level only
Vulnerability Summary
A flaw was identified in the way psd-tools handles Run-Length Encoded (RLE) image data while parsing Photoshop (PSD) files. When malformed or intentionally corrupted RLE data is present, the decoding routine raises an internal exception that is not properly handled. As a result, the application using psd-tools terminates unexpectedly.
In environments where PSD files are processed automatically—such as design asset pipelines, conversion services, or backend image processing workers—this behavior allows a single crafted file to crash the service, leading to denial-of-service conditions.
Technical Details
During PSD parsing, RLE-compressed image data is decompressed with a PackBits-style decoder: each scanline is a sequence of runs, and each run begins with a header byte that declares either a literal byte count or a repeat count. The routine assumes that the runs in a scanline add up to exactly the expected row width. If a PSD file declares invalid run lengths (for example, a literal run longer than the remaining row width), the decoder raises a ValueError.
This exception is not intercepted at the appropriate layer, so it propagates upward and terminates the parsing process. The intended fallback behavior, replacing the corrupted channel with neutral pixel data, is never executed because the exception handling is missing.
In addition to the immediate crash, insufficient validation around decompression and image dimension handling may cause excessive memory allocation attempts, since the declared width, height and channel count determine how much buffer space a decoder reserves before it decodes anything. In constrained environments this can result in out-of-memory conditions, container restarts, or worker process termination.
Attack Scenario
The vulnerability can be exploited by supplying a specially crafted PSD file containing malformed RLE data. Common scenarios include:
- Automated ingestion of user-supplied PSD files through web applications or APIs.
- Backend services converting or rendering PSD files without sandboxing.
- CI/CD or asset pipelines that automatically composite or export PSD layers.
- Desktop or server applications that rely on psd-tools to preview or process files on open.
No authentication is required if the upload or ingestion endpoints accept files from unauthenticated sources. Repeated submission of such files may result in persistent service instability.
Impact
- Application crashes during PSD processing
- Denial of service for image pipelines or rendering services
- Potential resource exhaustion (memory/CPU)
- Disruption of automated workflows
No evidence indicates that this vulnerability enables arbitrary code execution. The impact is limited to availability and stability.
Proof of Concept (Educational)
A proof-of-concept can be created by modifying the RLE-compressed image data inside a valid PSD file so that declared run lengths exceed the expected scanline width. When such a file is processed using functions such as psd.composite() or layer export routines, the application crashes with an unhandled ValueError raised from the RLE decoding path.
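The following is an added example, not code from the advisory or from the psd-tools project. It illustrates both the failure mode in Technical Details and the proof-of-concept idea above: a scanline decoder for PackBits, the RLE scheme PSD files use, in a strict form that raises ValueError when a run overflows the row (the exception that, unhandled, crashes the caller), beside a tolerant channel decoder that substitutes neutral pixel data for a corrupted row. The decoder, the function names and the sample scanlines are constructed for illustration and do not reproduce psd-tools' internal API.

```python
"""PackBits (the RLE scheme PSD uses) scanline decoder, strict and tolerant.

Added example: this is not psd-tools' own code. It models the failure the
advisory describes: a run header that claims more output than the scanline
holds. decode_rle_strict raises ValueError (what propagates and crashes an
unprotected caller); decode_channel_safe shows the intended fallback of
substituting neutral pixel data for the corrupted rows of a channel.
"""


def decode_rle_strict(data: bytes, row_width: int) -> bytes:
    """Decode one PackBits scanline into exactly row_width bytes.

    Header byte n (as signed int8):
      0..127   copy the next n+1 bytes literally
      -127..-1 repeat the next byte (1 - n) times
      -128     no-op
    Raises ValueError if a run overflows row_width, the input is truncated,
    or the decoded length does not match row_width.
    """
    out = bytearray()
    i = 0
    while i < len(data):
        n = data[i] - 256 if data[i] > 127 else data[i]
        i += 1
        if n == -128:
            continue  # PackBits no-op byte
        if n >= 0:
            count = n + 1
            chunk = data[i:i + count]
            if len(chunk) < count:
                raise ValueError("literal run truncated")
            i += count
        else:
            count = 1 - n
            if i >= len(data):
                raise ValueError("repeat run has no value byte")
            chunk = bytes([data[i]]) * count
            i += 1
        # The bound a crash-prone caller never recovers from: a run that is
        # longer than the space left in the row.
        if len(out) + count > row_width:
            raise ValueError(
                f"run of {count} bytes overflows row width {row_width} "
                f"after {len(out)} decoded bytes"
            )
        out += chunk
    if len(out) != row_width:
        raise ValueError(f"decoded {len(out)} bytes, expected {row_width}")
    return bytes(out)


def strict_error(data: bytes, row_width: int):
    """Return the ValueError message for a malformed row, or None if it decodes."""
    try:
        decode_rle_strict(data, row_width)
        return None
    except ValueError as exc:
        return str(exc)


def decode_channel_safe(rows, row_width: int, fill: int = 128):
    """Decode every scanline of a channel; corrupt rows become neutral pixels.

    Returns (decoded_rows, bad_row_indexes) so the caller can log which rows
    were replaced, or neutralise the whole channel if any row was bad.
    """
    decoded, bad = [], []
    for idx, row in enumerate(rows):
        try:
            decoded.append(decode_rle_strict(row, row_width))
        except ValueError:
            decoded.append(bytes([fill]) * row_width)
            bad.append(idx)
    return decoded, bad


# Constructed sample scanlines (not taken from a real file), 8 bytes wide.
GOOD_ROW = b"\x03ABCD" + b"\xfdZ"      # literal "ABCD", then 'Z' repeated 4 times
# Malformed row in the spirit of the PoC: a 16-byte literal run for an 8-byte row.
BAD_ROW = b"\x0f" + bytes(range(16))

if __name__ == "__main__":
    print(decode_rle_strict(GOOD_ROW, 8))
    print(strict_error(BAD_ROW, 8))
    print(decode_channel_safe([GOOD_ROW, BAD_ROW, GOOD_ROW], 8))
```

The strict decoder is what a library needs internally; the point of the advisory is that the ValueError it raises must be caught at the channel or layer level, as decode_channel_safe does, rather than escaping to the service that opened the file.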
Detection and Monitoring
Log Sources to Monitor
- Application logs (Python traceback logs)
- Container logs (Docker / Kubernetes)
- Process crash logs
- Memory and OOM killer logs
- File upload and ingestion logs
Indicators of Exploitation
- Repeated application crashes immediately after PSD file processing
- Python tracebacks referencing RLE decoding or compression logic
- Sudden spikes in memory usage tied to PSD parsing tasks
- Repeated failures triggered by specific uploaded files
Detection Queries
Splunk
index=application_logs
("psd_tools" OR "decode_rle" OR "psd.composite")
AND ("ValueError" OR "Traceback")
Elasticsearch / OpenSearch (KQL)
message : ("psd_tools" or "decode_rle" or "psd.composite")
and message : ("ValueError" or "Traceback")
Container Runtime Logs
"psd_tools" AND ("killed" OR "OOM" OR "exception")
File Ingestion Correlation
source=upload_logs file_extension=".psd"
| join request_id [ search source=application_logs "psd_tools" ]
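As an added example (not part of the advisory), the same correlation the Splunk and KQL queries express, implemented over constructed sample log lines so it can be run offline: match application log lines that carry both a psd-tools keyword and an error marker, join them to upload records by request_id, keep only PSD uploads, and flag clients that trigger repeated crashes. The log formats, field names (request_id, client, file), file paths and error text in the samples are assumptions, not real psd-tools output.

```python
"""Correlate PSD uploads with psd-tools crash tracebacks in application logs.

Added example, not from the advisory or the psd-tools project. The log
layout, field names and traceback text below are constructed to illustrate
the detection logic; adapt the regular expressions to real log formats.
"""
import re
from collections import Counter

# Constructed sample logs (paths, line numbers and messages are illustrative).
UPLOAD_LOG = """\
2026-03-02T10:00:01Z upload request_id=r1 client=203.0.113.5 file=logo.psd
2026-03-02T10:00:07Z upload request_id=r2 client=203.0.113.5 file=poster.psd
2026-03-02T10:00:09Z upload request_id=r3 client=198.51.100.7 file=photo.jpg
2026-03-02T10:00:15Z upload request_id=r4 client=203.0.113.5 file=banner.PSD
2026-03-02T10:00:20Z upload request_id=r5 client=198.51.100.7 file=cover.psd
"""

APP_LOG = """\
2026-03-02T10:00:02Z INFO request_id=r1 composite ok
2026-03-02T10:00:08Z ERROR request_id=r2 Traceback (most recent call last):
2026-03-02T10:00:08Z ERROR request_id=r2   File "/app/worker.py", line 40, in render
2026-03-02T10:00:08Z ERROR request_id=r2     image = psd.composite()
2026-03-02T10:00:08Z ERROR request_id=r2   File "/app/site-packages/psd_tools/compression.py", line 1, in decode_rle
2026-03-02T10:00:08Z ERROR request_id=r2 ValueError: RLE run exceeds scanline width
2026-03-02T10:00:10Z ERROR request_id=r3 ValueError: unsupported image format
2026-03-02T10:00:16Z ERROR request_id=r4 Traceback (most recent call last):
2026-03-02T10:00:16Z ERROR request_id=r4   File "/app/site-packages/psd_tools/compression.py", line 1, in decode_rle
2026-03-02T10:00:16Z ERROR request_id=r4 ValueError: RLE run exceeds scanline width
2026-03-02T10:00:21Z INFO request_id=r5 composite ok
"""

PSD_KEYWORDS = re.compile(r"psd_tools|decode_rle|psd\.composite")
ERROR_MARKERS = re.compile(r"ValueError|Traceback")
REQ_ID = re.compile(r"request_id=(\S+)")
UPLOAD_FIELDS = re.compile(r"request_id=(\S+) client=(\S+) file=(\S+)")


def parse_uploads(text: str) -> dict:
    """Map request_id -> {client, file} from upload log lines."""
    uploads = {}
    for line in text.splitlines():
        m = UPLOAD_FIELDS.search(line)
        if m:
            uploads[m.group(1)] = {"client": m.group(2), "file": m.group(3)}
    return uploads


def find_crashed_requests(text: str) -> set:
    """request_ids with at least one psd-tools keyword line and one error line."""
    keyword_hits, error_hits = set(), set()
    for line in text.splitlines():
        m = REQ_ID.search(line)
        if not m:
            continue
        rid = m.group(1)
        if PSD_KEYWORDS.search(line):
            keyword_hits.add(rid)
        if ERROR_MARKERS.search(line):
            error_hits.add(rid)
    return keyword_hits & error_hits


def correlate(uploads: dict, crashed: set, repeat_threshold: int = 2) -> dict:
    """Join crashes to PSD uploads and flag clients at or above the threshold."""
    hits = []
    for rid in sorted(crashed):
        up = uploads.get(rid)
        if up and up["file"].lower().endswith(".psd"):
            hits.append({"request_id": rid, **up})
    per_client = Counter(h["client"] for h in hits)
    repeat = sorted(c for c, n in per_client.items() if n >= repeat_threshold)
    return {"hits": hits, "repeat_offenders": repeat}


def run_detection(upload_log: str = UPLOAD_LOG, app_log: str = APP_LOG) -> dict:
    return correlate(parse_uploads(upload_log), find_crashed_requests(app_log))


if __name__ == "__main__":
    print(run_detection())
```

Requiring both a psd-tools keyword and an error marker on the same request_id is what keeps unrelated ValueErrors (the JPEG upload r3 above) out of the alert, which is the same reason the queries above AND the two term groups together.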
MITRE Mapping
CWE
- CWE-755: Improper Handling of Exceptional Conditions
- CWE-409: Improper Handling of Highly Compressed Data
- CWE-789: Memory Allocation with Excessive Size Value
- CWE-190: Integer Overflow or Wraparound
ATT&CK (Impact)
- T1499 – Endpoint Denial of Service (sub-technique T1499.004 – Application or System Exploitation)
Mitigation and Remediation
Immediate Actions
- Upgrade psd-tools to version 1.12.2 or later.
- Block or sandbox untrusted PSD file processing until the upgrade is applied.
- Restart affected services after patch deployment.
Long-Term Hardening
- Enforce strict limits on PSD file size, dimensions, and processing time.
- Isolate image parsing in sandboxed or resource-restricted containers.
- Add validation checks before decompression and rendering.
- Monitor for repeated crashes tied to file ingestion.
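As an added example of the "validation before decompression" and "strict limits on size and dimensions" items above (not code from the advisory or from psd-tools), the following pre-validator reads only the 26-byte PSD file header, checks it against the value ranges Adobe's PSD specification defines, and rejects files whose declared geometry would exceed a pixel or decoded-size budget before the library allocates anything. The budget values, the function names and the make_header helper are assumptions for illustration; the check complements, and does not replace, upgrading to 1.12.2 and running the parse under a timeout in an isolated worker.

```python
"""Pre-validate a PSD header and decoded-size budget before calling psd-tools.

Added example, not part of the advisory or of psd-tools. The 26-byte header
layout and value ranges follow Adobe's PSD specification; the budget limits
are assumptions to tune per deployment. Run this on the raw bytes before the
file reaches the library, and still parse under a timeout in a sandbox.
"""
import struct

# signature, version, reserved(6), channels, height, width, depth, color mode
PSD_HEADER = struct.Struct(">4sH6sHIIHH")
# Bitmap, Grayscale, Indexed, RGB, CMYK, Multichannel, Duotone, Lab
VALID_COLOR_MODES = {0, 1, 2, 3, 4, 7, 8, 9}


class PsdRejected(ValueError):
    """Raised before any decompression when a file fails pre-validation."""


def parse_psd_header(buf: bytes) -> dict:
    """Unpack and range-check the fixed header; reject anything out of spec."""
    if len(buf) < PSD_HEADER.size:
        raise PsdRejected("shorter than a PSD header")
    sig, version, reserved, channels, height, width, depth, mode = (
        PSD_HEADER.unpack_from(buf)
    )
    if sig != b"8BPS":
        raise PsdRejected("bad signature")
    if version not in (1, 2):
        raise PsdRejected(f"unknown version {version}")
    if reserved != b"\x00" * 6:
        raise PsdRejected("reserved bytes not zero")
    if not 1 <= channels <= 56:
        raise PsdRejected(f"channel count {channels} out of range")
    max_dim = 30000 if version == 1 else 300000  # PSD vs PSB spec limits
    if not (1 <= height <= max_dim and 1 <= width <= max_dim):
        raise PsdRejected(f"dimensions {width}x{height} out of range")
    if depth not in (1, 8, 16, 32):
        raise PsdRejected(f"unsupported depth {depth}")
    if mode not in VALID_COLOR_MODES:
        raise PsdRejected(f"unknown color mode {mode}")
    return {"version": version, "channels": channels, "height": height,
            "width": width, "depth": depth, "mode": mode}


def decoded_size_bytes(h: dict) -> int:
    """Worst-case size of the fully decompressed merged image data."""
    bytes_per_row = (h["width"] * h["depth"] + 7) // 8
    return bytes_per_row * h["height"] * h["channels"]


def prevalidate_psd(buf: bytes, max_file_bytes: int = 50_000_000,
                    max_pixels: int = 50_000_000,
                    max_decoded_bytes: int = 512_000_000) -> dict:
    """Return the parsed header if the file fits every budget, else raise."""
    if len(buf) > max_file_bytes:
        raise PsdRejected(f"file size {len(buf)} bytes exceeds budget of {max_file_bytes}")
    h = parse_psd_header(buf)
    pixels = h["width"] * h["height"]
    if pixels > max_pixels:
        raise PsdRejected(f"{pixels} pixels exceeds budget of {max_pixels}")
    decoded = decoded_size_bytes(h)
    if decoded > max_decoded_bytes:
        raise PsdRejected(f"decoded size {decoded} bytes exceeds budget of {max_decoded_bytes}")
    return h


def rejection_reason(buf: bytes, **limits):
    """None if the bytes pass pre-validation, otherwise the rejection message."""
    try:
        prevalidate_psd(buf, **limits)
        return None
    except PsdRejected as exc:
        return str(exc)


def make_header(width: int, height: int, channels: int = 3, depth: int = 8,
                mode: int = 3, version: int = 1) -> bytes:
    """Build a constructed 26-byte header for testing (not a complete PSD file)."""
    return PSD_HEADER.pack(b"8BPS", version, b"\x00" * 6, channels, height, width, depth, mode)


if __name__ == "__main__":
    print(rejection_reason(make_header(1000, 800)))
    print(rejection_reason(make_header(30000, 30000)))
    print(rejection_reason(b"XXXX" + make_header(10, 10)[4:]))
```

Because the header is read with fixed-size unpacking and every field is bounded before any arithmetic on it, the check itself cannot be driven into a large allocation by the file it is inspecting.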
Official Patch / Upgrade Link
The vulnerability is resolved in psd-tools version 1.12.2.
Official release:
https://github.com/psd-tools/psd-tools/releases/tag/v1.12.2
Risk Statement
While the vulnerability does not enable code execution, it poses a meaningful risk to service availability in environments that automatically process PSD files. Systems exposed to untrusted file input without proper isolation are most at risk. Prompt patching and defensive monitoring are strongly recommended.
