Description
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read memory of the application that they should not be allowed to read.
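The gating check that the description above implies (untrusted images reaching an unpatched Pillow), as an added example that is not part of this advisory or of Pillow's own code: it compares a Pillow version string against the fixed release 6.2.2 and sniffs the FLI/FLC magic before the file reaches the decoder, so that FLI input is refused on an unpatched or unknown Pillow. The magic check (a 16-bit little-endian value of 0xAF11 or 0xAF12 at offset 4 of the 128-byte header) is an assumption about the FLI file format, not something stated in the advisory; the sample header bytes and the `decide` policy are constructed for this example.

```python
import re
from typing import Optional, Tuple

# Fixed upstream release named in the advisory: Pillow 6.2.2.
FLI_FIX_VERSION: Tuple[int, int, int] = (6, 2, 2)

# Constructed sample: a minimal FLI header (size dword, then magic 0xAF11 LE),
# padded to the 128-byte header length. Not a real file from the advisory.
SAMPLE_FLI_HEADER = b"\x00\x00\x00\x00\x11\xaf" + b"\x00" * 122
SAMPLE_PNG_HEADER = b"\x89PNG\r\n\x1a\n"


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '6.2.1', '7.0.0.post1' or '8.0.0a1' into a comparable int tuple.
    Non-numeric suffixes are dropped and missing components count as 0."""
    parts = []
    for piece in version.split(".")[:3]:
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_fli_fixed(version: str) -> bool:
    """True when this Pillow version carries the FliDecode.c fix (>= 6.2.2)."""
    return parse_version(version) >= FLI_FIX_VERSION


def looks_like_fli(header: bytes) -> bool:
    """Sniff the FLI/FLC magic: 0xAF11 (FLI) or 0xAF12 (FLC), little-endian,
    at offset 4 of the header. Assumption about the format, see lead-in."""
    return len(header) >= 6 and header[4:6] in (b"\x11\xaf", b"\x12\xaf")


def installed_pillow_version() -> Optional[str]:
    """Version string of the Pillow that would decode the image, or None
    when Pillow is not importable at all."""
    try:
        import PIL  # noqa: WPS433 (import inside function is deliberate)
    except ImportError:
        return None
    return getattr(PIL, "__version__", None)


def decide(header: bytes, pillow_version: Optional[str]) -> str:
    """Constructed upload policy: refuse FLI/FLC input unless the decoder is
    known to be patched; everything else is passed on to normal handling."""
    if not looks_like_fli(header):
        return "accept"
    if pillow_version is None or not is_fli_fixed(pillow_version):
        return "reject"
    return "accept"


if __name__ == "__main__":
    ver = installed_pillow_version()
    print("installed Pillow:", ver)
    print("FLI sample on this host:", decide(SAMPLE_FLI_HEADER, ver))
    print("PNG sample on this host:", decide(SAMPLE_PNG_HEADER, ver))
```

Run the sniff on the first 128 bytes of each upload before calling `Image.open`; a distribution build that backports the fix without bumping the version (the RHSA builds in the table below) will be treated as unpatched by `is_fli_fixed`, so on such hosts key the decision on the package's patched RPM version instead.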
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | python-imaging | Out of support scope | | |
| Red Hat Enterprise Linux 6 | python-imaging | Out of support scope | | |
| Red Hat Enterprise Linux 7 | python-pillow | Fixed | RHSA-2020:3887 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | python-pillow | Fixed | RHSA-2020:3185 | 28.07.2020 |
| Red Hat Quay 3 | quay/clair-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-container-security-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
Additional information
Severity: Moderate
Weakness: CWE-125 (out-of-bounds read)
Bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1789532 (python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images)
CVSS3: 8.2 (High)
Related vulnerabilities (other trackers)

| Tracker | CVSS3 | Published | Summary |
|---|---|---|---|
| ubuntu | 7.1 | about 6 years ago | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. |
| nvd | 7.1 | about 6 years ago | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. |
| debian | 7.1 | about 6 years ago | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. |