Description
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
The out-of-bounds read occurs in J2kDecode, in j2ku_gray_i. For J2k images with multiple bands, it is legal to have a different width for each band, e.g. 1 byte for L and 4 bytes for A.
Mitigation
To mitigate this flaw on Red Hat Quay, keep the invoice generation feature disabled, as it is by default.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | python-pillow | Out of support scope | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Affected | | |
| Red Hat Enterprise Linux 8 | python-pillow | Fixed | RHSA-2021:4149 | 09.11.2021 |
Additional information
Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1958231 (python-pillow: Out-of-bounds read in J2K image reader)
EPSS: 0.00267 (percentile: 50%, Low)
CVSS3: 9.1 Critical
Related vulnerabilities
CVSS3: 9.1
ubuntu
more than 4 years ago
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
CVSS3: 9.1
nvd
more than 4 years ago
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
CVSS3: 9.1
debian
more than 4 years ago
An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...