Description
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read memory of the application that they should not be allowed to read.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | python-imaging | Out of support scope | | |
| Red Hat Enterprise Linux 6 | python-imaging | Out of support scope | | |
| Red Hat Enterprise Linux 7 | python-pillow | Fixed | RHSA-2020:3887 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | python-pillow | Fixed | RHSA-2020:3185 | 28.07.2020 |
| Red Hat Quay 3 | quay/clair-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-bridge-operator-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-builder-rhel8 | Fixed | RHSA-2021:0420 | 04.02.2021 |
| Red Hat Quay 3 | quay/quay-container-security-operator-bundle | Fixed | RHSA-2021:0420 | 04.02.2021 |
Additional information
Status: Moderate
Defect: CWE-125
Bugzilla: [python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images](https://bugzilla.redhat.com/show_bug.cgi?id=1789532)
EPSS: 0.00551 (percentile 68%), Low
CVSS3: 8.2 High
Related vulnerabilities
- ubuntu (CVSS3: 7.1, more than 6 years ago): libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
- nvd (CVSS3: 7.1, more than 6 years ago): libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
- debian (CVSS3: 7.1, more than 6 years ago): libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...