CVE-2020-35655

Опубликовано: 12 янв. 2021

Источник: debian

Описание

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pillow	fixed	8.1.0-1		package
pillow	fixed	5.4.1-2+deb10u3	buster	package
pillow	not-affected		stretch	package

Примечания

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
https://github.com/python-pillow/Pillow/pull/5173
https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5
Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (4.3.0)

Связанные уязвимости

CVE-2020-35655

CVSS3: 5.4

ubuntu

около 5 лет назад

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

CVE-2020-35655

CVSS3: 5.4

redhat

около 5 лет назад

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

CVE-2020-35655

CVSS3: 5.4

nvd

около 5 лет назад

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

GHSA-hf64-x4gq-p99h

CVSS3: 5.4

github

почти 5 лет назад

Pillow Out-of-bounds Read

openSUSE-SU-2021:1134-1

suse-cvrf

больше 4 лет назад

Security update for python-CairoSVG, python-Pillow