CVE-2020-10994

Опубликовано: 25 июн. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

Ссылки

https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
Patch
Third Party Advisory
https://github.com/python-pillow/Pillow/pull/4505
Issue Tracking
Patch
https://github.com/python-pillow/Pillow/pull/4538
Issue Tracking
Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://pillow.readthedocs.io/en/stable/releasenotes/
Release Notes
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
Product
https://usn.ubuntu.com/4430-1/
Third Party Advisory
https://usn.ubuntu.com/4430-2/
Third Party Advisory
https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
Patch
Third Party Advisory
https://github.com/python-pillow/Pillow/pull/4505
Issue Tracking
Patch
https://github.com/python-pillow/Pillow/pull/4538
Issue Tracking
Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://pillow.readthedocs.io/en/stable/releasenotes/
Release Notes
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
Product
https://usn.ubuntu.com/4430-1/
Third Party Advisory
https://usn.ubuntu.com/4430-2/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*

Версия до 7.1.0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 63%

0.00443

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2020-10994

CVSS3: 5.5

ubuntu

больше 5 лет назад

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

CVE-2020-10994

CVSS3: 5.3

redhat

больше 5 лет назад

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

CVE-2020-10994

CVSS3: 5.5

debian

больше 5 лет назад

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...

GHSA-vj42-xq3r-hr3r

CVSS3: 5.5

github

больше 5 лет назад

Out-of-bounds reads in Pillow

EPSS

Процентиль: 63%

0.00443

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125