Описание
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| pillow | fixed | 8.2.0-1 | experimental | package |
| pillow | fixed | 8.1.2+dfsg-0.2 | package |
Примечания
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
Debian packages are built without JPEG2000 support
Связанные уязвимости
CVSS3: 9.1
ubuntu
больше 4 лет назад
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
CVSS3: 9.1
redhat
почти 5 лет назад
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
CVSS3: 9.1
nvd
больше 4 лет назад
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
