CVE-2021-34552

Опубликовано: 13 июл. 2021

Источник: debian

EPSS Низкий

Описание

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pillow	fixed	8.1.2+dfsg-0.3		package
pillow	fixed	5.4.1-2+deb10u3	buster	package

Примечания

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
https://github.com/python-pillow/Pillow/pull/5567
https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f (8.3.0)

EPSS

Процентиль: 54%

0.0032

Низкий

Связанные уязвимости

CVE-2021-34552

CVSS3: 9.8

ubuntu

около 4 лет назад

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

CVE-2021-34552

CVSS3: 5.9

redhat

около 4 лет назад

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

CVE-2021-34552

CVSS3: 9.8

nvd

около 4 лет назад

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

RLSA-2021:4149

rocky

больше 3 лет назад

Moderate: python-pillow security update

GHSA-7534-mm45-c74v

CVSS3: 9.8

github

почти 4 года назад

Buffer Overflow in Pillow

EPSS

Процентиль: 54%

0.0032

Низкий