CVE-2020-10378

Опубликовано: 25 июн. 2020

Источник: debian

EPSS Низкий

Описание

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pillow	fixed	7.2.0-1		package
pillow	fixed	5.4.1-2+deb10u2	buster	package
pillow	not-affected		stretch	package
pillow	not-affected		jessie	package

Примечания

https://github.com/python-pillow/Pillow/pull/4538
https://github.com/python-pillow/Pillow/pull/4506
https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2 (Test)
Fixed by: https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7
https://github.com/python-pillow/Pillow/commit/ada137eba5b605fd5aeff619c33bbf0e53af26ee (Test)
Fixed in 6.2.3 and 7.1.0

EPSS

Процентиль: 56%

0.00333

Низкий

Связанные уязвимости

CVE-2020-10378

CVSS3: 5.5

ubuntu

больше 5 лет назад

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

CVE-2020-10378

CVSS3: 5.9

redhat

больше 5 лет назад

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

CVE-2020-10378

CVSS3: 5.5

nvd

больше 5 лет назад

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

GHSA-3xv8-3j54-hgrp

CVSS3: 5.5

github

больше 4 лет назад

Out-of-bounds read in Pillow

EPSS

Процентиль: 56%

0.00333

Низкий