Description
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c.
Report
Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | python-pillow | Out of support scope | ||
| Red Hat Enterprise Linux 9 | python-pillow | Affected | ||
| Red Hat Enterprise Linux 8 | python-pillow | Fixed | RHSA-2021:4149 | 09.11.2021 |
| Red Hat Quay 3 | quay/quay-rhel8 | Fixed | RHSA-2021:3917 | 19.10.2021 |
Additional information
Status:
Moderate
Defect:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1934705 python-pillow: Out-of-bounds read in SGI RLE image reader
EPSS
Percentile: 28%
0.001
Low
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 7.5
ubuntu
almost 5 years ago
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
CVSS3: 7.5
nvd
almost 5 years ago
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
CVSS3: 7.5
debian
almost 5 years ago
An issue was discovered in Pillow before 8.1.1. There is an out-of-bou ...
CVSS3: 7.5
fstec
almost 5 years ago
A vulnerability in the SGIRleDecode.c component of the Pillow raster graphics library that allows an attacker to cause a denial of service