Описание
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| pillow | fixed | 8.1.1-1 | package | |
| pillow | fixed | 5.4.1-2+deb10u3 | buster | package |
Примечания
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
Связанные уязвимости
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Уязвимость компонента TiffDecode.c библиотеки для работы с изображениями Pillow, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании