CVE-2021-25287

Опубликовано: 01 апр. 2021

Источник: redhat

CVSS3: 9.1

EPSS Низкий

Описание

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

There is an out-of-bounds read in J2kDecode in j2ku_graya_la. For J2k images with multiple bands, it’s legal to have different widths for each band, e.g. 1 byte for L, 4 bytes for A.

Меры по смягчению последствий

To mitigate this feature on Red Hat Quay keep the invoice generation feature disabled as it is by default.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	python-pillow	Out of support scope
Red Hat Quay 3	quay/quay-rhel8	Affected
Red Hat Enterprise Linux 8	python-pillow	Fixed	RHSA-2021:4149	09.11.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1958226python-pillow: Out-of-bounds read in J2K image reader

EPSS

Процентиль: 56%

0.00343

Низкий

9.1 Critical

CVSS3

Связанные уязвимости

CVE-2021-25287

CVSS3: 9.1

ubuntu

больше 4 лет назад

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

CVE-2021-25287

CVSS3: 9.1

nvd

больше 4 лет назад

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

CVE-2021-25287

CVSS3: 9.1

debian

больше 4 лет назад

An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...

GHSA-77gc-v2xv-rvvh

CVSS3: 9.1

github

больше 4 лет назад

Out-of-bounds Read in Pillow

SUSE-SU-2024:1607-1

suse-cvrf

больше 1 года назад

Security update for python-Pillow

EPSS

Процентиль: 56%

0.00343

Низкий

9.1 Critical

CVSS3