Description
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
Report
While python-pillow is listed as a dependency of Red Hat Quay, it is not used by the application. This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they provide an older version of the code which does not include the vulnerable code.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | python-imaging | Not affected | | |
| Red Hat Enterprise Linux 6 | python-imaging | Not affected | | |
| Red Hat Enterprise Linux 7 | python-pillow | Not affected | | |
| Red Hat Enterprise Linux 8 | python-pillow | Not affected | | |
| Red Hat Quay 3 | quay/clair-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-container-security-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
Additional information
Status: Important
Defect: CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1852836 - python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()
EPSS: 0.00403 (percentile: 60%, Low)
CVSS3: 7.5 High
Related vulnerabilities
CVSS3: 7.8
ubuntu
more than 5 years ago
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
CVSS3: 7.8
nvd
more than 5 years ago
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
CVSS3: 7.8
debian
more than 5 years ago
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...