Description
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
A flaw was discovered in python-pillow where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | python-imaging | Out of support scope | | |
| Red Hat Enterprise Linux 6 | python-imaging | Fixed | RHSA-2020:0898 | 18.03.2020 |
| Red Hat Enterprise Linux 7 | python-pillow | Fixed | RHSA-2020:0578 | 24.02.2020 |
| Red Hat Enterprise Linux 8 | python-pillow | Fixed | RHSA-2020:0580 | 24.02.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | python-pillow | Fixed | RHSA-2020:0566 | 20.02.2020 |
| Red Hat Quay 3 | quay/clair-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
Additional information
Status:
9.8 Critical
CVSS3
Related vulnerabilities
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ...
ELSA-2020-0898: python-imaging security update (IMPORTANT)
9.8 Critical
CVSS3