Description
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
Report
This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they did not include support for tiled TIFF images, where the flaw lies.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | python-imaging | Not affected | | |
| Red Hat Enterprise Linux 6 | python-imaging | Not affected | | |
| Red Hat Enterprise Linux 7 | python-pillow | Not affected | | |
| Red Hat Enterprise Linux 8 | python-pillow | Not affected | | |
| Red Hat Quay 3 | quay/clair-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-container-security-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
Additional information
Status:
8.1 High
CVSS3
Related vulnerabilities
Vulnerability in the realloc function (libImaging/TiffDecode.c) of the Pillow image-processing library that allows an attacker to cause a denial of service