Описание
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c.
Отчет
This issue does not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 8 as it does not include the vulnerable code, which was introduced in a newer upstream version than what what shipped.
Меры по смягчению последствий
Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | python-pillow | Out of support scope | ||
| Red Hat Enterprise Linux 8 | python-pillow | Not affected | ||
| Red Hat Enterprise Linux 9 | python-pillow | Affected | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Fixed | RHSA-2021:3917 | 19.10.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...
Security update for python-CairoSVG, python-Pillow
EPSS
7.5 High
CVSS3