Описание
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
python-pillow as shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw as the flaw was introduced in a newer version than shipped.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | python-pillow | Not affected | ||
| Red Hat Enterprise Linux 8 | python-pillow | Not affected | ||
| Red Hat Enterprise Linux 9 | python-pillow | Not affected | ||
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Not affected | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Fixed | RHSA-2021:3917 | 19.10.2021 |
Показывать по
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...
9.8 Critical
CVSS3