In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
Source: MITRE
Published: 2021-01-12
Updated: 2021-01-29
Type: CWE-125
CVSS v2
Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.1
Base Score: 7.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Impact Score: 4.2
Exploitability Score: 2.8
Severity: HIGH
ID | Name | Product | Family | Severity |
---|---|---|---|---|
148586 | EulerOS : python-pillow (EulerOS-SA-2021-1743) | Nessus | Huawei Local Security Checks | high |
148585 | EulerOS : python-pillow (EulerOS-SA-2021-1729) | Nessus | Huawei Local Security Checks | high |
148071 | EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-1702) | Nessus | Huawei Local Security Checks | medium |
147492 | EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2021-1383) | Nessus | Huawei Local Security Checks | medium |
147468 | EulerOS Virtualization 3.0.2.6 : python-pillow (EulerOS-SA-2021-1421) | Nessus | Huawei Local Security Checks | medium |
147058 | EulerOS Virtualization for ARM 64 3.0.6.0 : python-pillow (EulerOS-SA-2021-1570) | Nessus | Huawei Local Security Checks | medium |
147028 | EulerOS Virtualization 3.0.6.6 : python-pillow (EulerOS-SA-2021-1515) | Nessus | Huawei Local Security Checks | medium |
146723 | EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2021-1353) | Nessus | Huawei Local Security Checks | medium |
146238 | EulerOS : python-pillow (EulerOS-SA-2021-1273) | Nessus | Huawei Local Security Checks | high |
146225 | EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-1254) | Nessus | Huawei Local Security Checks | high |
145750 | EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-1167) | Nessus | Huawei Local Security Checks | medium |
145337 | Fedora 32 : python-pillow (2021-880aa7bd27) | Nessus | Fedora Local Security Checks | medium |
145235 | Fedora 33 : mingw-python-pillow / python-pillow (2021-a8ddc1ce70) | Nessus | Fedora Local Security Checks | medium |
145048 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Pillow vulnerabilities (USN-4697-1) | Nessus | Ubuntu Local Security Checks | medium |
144867 | GLSA-202101-08 : Pillow: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |