CVE-2024-28219: Use strncpy to avoid buffer overflow by hugovk · Pull Request #7928 · python-pillow/Pillow
If you look a few lines earlier
```python
if "LAB" in (self.mode, mode):
    other_mode = mode if self.mode == "LAB" else self.mode
    if other_mode in ("RGB", "RGBA", "RGBX"):
        from . import ImageCms
        srgb = ImageCms.createProfile("sRGB")
        lab = ImageCms.createProfile("LAB")
        profiles = [lab, srgb] if self.mode == "LAB" else [srgb, lab]
        transform = ImageCms.buildTransform(
            profiles[0], profiles[1], self.mode, mode
```
you will see that one of the modes has to be "LAB", and the other has to be one of "RGB", "RGBA" or "RGBX",
none of which is more than 8 characters.
So it isn't exploitable from Image.convert.
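The bounded copy named in the PR title, sketched as an added example; it is not Pillow's code and not part of the comment above. It assumes an 8-byte mode field, and the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MODE_BUF 8 /* assumed field size; not taken from Pillow's source */

/* Hypothetical stand-in for a transform object that stores mode names. */
struct transform {
    char mode_in[MODE_BUF];
    char mode_out[MODE_BUF];
};

/* Copy src into a MODE_BUF-byte field without writing past it.
 * strncpy() leaves the destination unterminated when the source fills
 * the whole bound, so copy at most MODE_BUF - 1 bytes and set the NUL.
 * Returns 0 if the name fit, -1 if it was truncated. */
static int copy_mode(char *dst, const char *src)
{
    strncpy(dst, src, MODE_BUF - 1);
    dst[MODE_BUF - 1] = '\0';
    return strlen(src) < MODE_BUF ? 0 : -1;
}

/* Fill both fields; report an oversized name instead of hiding it. */
int transform_set_modes(struct transform *t, const char *in, const char *out)
{
    int rc_in = copy_mode(t->mode_in, in);
    int rc_out = copy_mode(t->mode_out, out);
    return (rc_in == 0 && rc_out == 0) ? 0 : -1;
}

int main(void)
{
    struct transform t;
    /* Constructed inputs: a pair Image.convert can pass, then an oversized name. */
    printf("%d\n", transform_set_modes(&t, "LAB", "RGBA"));
    printf("%d %s\n", transform_set_modes(&t, "LAB", "AAAAAAAAAAAAAAAA"), t.mode_out);
    return 0;
}
```

Returning an error on truncation lets the caller reject an unknown mode name rather than continue with a shortened one.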