CVE-2021-25291

Опубликовано: 19 мар. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

Ссылки

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/202107-33
Third Party Advisory
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/202107-33
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*

Версия до 8.1.1 (исключая)

EPSS

Процентиль: 67%

0.00539

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2021-25291

CVSS3: 7.5

ubuntu

почти 5 лет назад

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

CVE-2021-25291

CVSS3: 7.5

redhat

почти 5 лет назад

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

CVE-2021-25291

CVSS3: 7.5

debian

почти 5 лет назад

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...

GHSA-mvg9-xffr-p774

CVSS3: 7.5

github

почти 5 лет назад

Out of bounds read in Pillow

openSUSE-SU-2021:1134-1

suse-cvrf

больше 4 лет назад

Security update for python-CairoSVG, python-Pillow

EPSS

Процентиль: 67%

0.00539

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125