Описание
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Ссылки
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0 (включая) до 1.1.7 (включая)Версия от 1.2 (включая) до 8.2.0 (включая)
Одно из
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.0032
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-120
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 4 лет назад
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
CVSS3: 5.9
redhat
около 4 лет назад
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
CVSS3: 9.8
debian
около 4 лет назад
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...
EPSS
Процентиль: 54%
0.0032
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-120