CVE-2020-35655

Опубликовано: 03 янв. 2021

Источник: redhat

CVSS3: 5.4

EPSS Низкий

Описание

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

A flaw was found in python-pillow. SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	python-pillow	Out of support scope
Red Hat Enterprise Linux 9	python-pillow	Not affected
Red Hat Quay 3	quay/quay-builder-qemu-rhcos-rhel8	Not affected
Red Hat Quay 3	quay/quay-rhel8	Affected
Red Hat Enterprise Linux 8	python-pillow	Fixed	RHSA-2021:4149	09.11.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-122->CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1915432python-pillow: Buffer over-read in SGI RLE image reader

EPSS

Процентиль: 50%

0.00269

Низкий

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2020-35655

CVSS3: 5.4

ubuntu

около 5 лет назад

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

CVE-2020-35655

CVSS3: 5.4

nvd

около 5 лет назад

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

CVE-2020-35655

CVSS3: 5.4

debian

около 5 лет назад

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...

GHSA-hf64-x4gq-p99h

CVSS3: 5.4

github

почти 5 лет назад

Pillow Out-of-bounds Read

openSUSE-SU-2021:1134-1

suse-cvrf

больше 4 лет назад

Security update for python-CairoSVG, python-Pillow

EPSS

Процентиль: 50%

0.00269

Низкий

5.4 Medium

CVSS3