
Kyamagup

#28017 of 53,633
9.1 Total CVSS
Vulnerabilities · 1
PT-2026-22058
9.1
2026-02-25
Pypi · Psd-Tools · CVE-2026-27809
**Name of the Vulnerable Software and Affected Versions**

psd-tools versions prior to 1.12.2

**Description**

psd-tools, a Python package for working with Adobe Photoshop PSD files, contains multiple issues. A lack of a length cap on `zlib.decompress` can lead to denial-of-service or out-of-memory crashes when processing crafted PSD files containing ZIP-compressed channels. There is no upper-bound validation on image dimensions before memory allocation, which could lead to crashes when processing malformed or adversarially crafted PSB files. An `assert` statement is used as a runtime integrity check, which can be disabled, potentially leading to silent errors. There is a type mismatch between `cdef int` indices and `Py_ssize_t size` in the Cython decoder. Silent data degradation occurs when malformed channel data is replaced with zero-padded pixels, and this is only indicated by a log message. Finally, there is an inconsistency in the return type of the `encode()` function in the Cython code.

**Recommendations**

Versions prior to 1.12.2 should be updated to version 1.12.2 or later.
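
The sketch below is an added example, not psd-tools code and not the 1.12.2 patch. It shows a hardened form of the first three issues in the description: dimensions are checked before any allocation, decompression is capped at the size the header implies, and malformed data raises an explicit exception in place of an `assert` or zero-padding. All names and both limits are assumptions chosen for illustration.

```python
import zlib

MAX_DIMENSION = 300_000        # assumed per-side cap (the PSB format maximum)
MAX_CHANNEL_BYTES = 1 << 30    # assumed policy limit: 1 GiB per channel


class ChannelDataError(ValueError):
    """Raised for malformed channel data; unlike assert, it survives python -O."""


def expected_channel_size(width, height, depth):
    """Validate header fields before allocating and return the raw byte count."""
    if depth not in (1, 8, 16, 32):
        raise ChannelDataError(f"unsupported depth {depth}")
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        raise ChannelDataError(f"dimensions {width}x{height} out of range")
    size = ((width * depth + 7) // 8) * height  # rows are padded to whole bytes
    if size > MAX_CHANNEL_BYTES:
        raise ChannelDataError(f"channel needs {size} bytes, over the limit")
    return size


def decompress_channel(data, width, height, depth):
    """Inflate a ZIP-compressed channel without exceeding the declared size."""
    expected = expected_channel_size(width, height, depth)
    inflater = zlib.decompressobj()
    try:
        # Request one byte more than expected so an oversize stream is
        # detected after a bounded amount of output, not after full inflation.
        out = inflater.decompress(data, expected + 1)
    except zlib.error as exc:
        raise ChannelDataError(f"corrupt zlib stream: {exc}") from exc
    if len(out) > expected or inflater.unconsumed_tail:
        raise ChannelDataError("stream inflates past the declared channel size")
    if len(out) < expected or not inflater.eof:
        raise ChannelDataError("truncated or short channel data")
    return out


if __name__ == "__main__":
    # Constructed sample inputs: a valid 4x4 8-bit channel and an oversize stream.
    good = zlib.compress(bytes(range(16)))
    oversize = zlib.compress(bytes(10_000_000))
    print(len(decompress_channel(good, 4, 4, 8)))
    try:
        decompress_channel(oversize, 4, 4, 8)
    except ChannelDataError as exc:
        print("rejected:", exc)
```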