CVE-2020-35654

Опубликовано: 12 янв. 2021

Источник: debian

EPSS Низкий

Описание

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pillow	fixed	8.1.0-1		package
pillow	not-affected		buster	package
pillow	not-affected		stretch	package

Примечания

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
https://github.com/python-pillow/Pillow/pull/5175
https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)

EPSS

Процентиль: 42%

0.00199

Низкий

Связанные уязвимости

CVE-2020-35654

CVSS3: 8.8

ubuntu

около 5 лет назад

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

CVE-2020-35654

CVSS3: 9.8

redhat

около 5 лет назад

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

CVE-2020-35654

CVSS3: 8.8

nvd

около 5 лет назад

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

GHSA-vqcj-wrf2-7v73

CVSS3: 8.8

github

почти 5 лет назад

Pillow Out-of-bounds Write

SUSE-SU-2024:1673-2

suse-cvrf

больше 1 года назад

Security update for python-Pillow

EPSS

Процентиль: 42%

0.00199

Низкий