Описание
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality.
Отчет
This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the JP2 image parser, where the flaw lies.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | python-imaging | Not affected | ||
| Red Hat Enterprise Linux 6 | python-imaging | Not affected | ||
| Red Hat Enterprise Linux 7 | python-pillow | Not affected | ||
| Red Hat Enterprise Linux 8 | python-pillow | Fix deferred | ||
| Red Hat Quay 3 | quay/clair-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-container-security-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...
5.3 Medium
CVSS3