CVE-2020-35653MEDIUM
Description
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
References
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
Details
Source: MITRE
Published: 2021-01-12
Updated: 2021-01-29
Type: CWE-125
Risk Information
CVSS v2.0
Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 7.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Impact Score: 4.2
Exploitability Score: 2.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 148586 | EulerOS : python-pillow (EulerOS-SA-2021-1743) | Nessus | Huawei Local Security Checks | high |
| 148585 | EulerOS : python-pillow (EulerOS-SA-2021-1729) | Nessus | Huawei Local Security Checks | high |
| 148071 | EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-1702) | Nessus | Huawei Local Security Checks | medium |
| 147492 | EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2021-1383) | Nessus | Huawei Local Security Checks | medium |
| 147468 | EulerOS Virtualization 3.0.2.6 : python-pillow (EulerOS-SA-2021-1421) | Nessus | Huawei Local Security Checks | medium |
| 147058 | EulerOS Virtualization for ARM 64 3.0.6.0 : python-pillow (EulerOS-SA-2021-1570) | Nessus | Huawei Local Security Checks | medium |
| 147028 | EulerOS Virtualization 3.0.6.6 : python-pillow (EulerOS-SA-2021-1515) | Nessus | Huawei Local Security Checks | medium |
| 146723 | EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2021-1353) | Nessus | Huawei Local Security Checks | medium |
| 146238 | EulerOS : python-pillow (EulerOS-SA-2021-1273) | Nessus | Huawei Local Security Checks | high |
| 146225 | EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-1254) | Nessus | Huawei Local Security Checks | high |
| 145750 | EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-1167) | Nessus | Huawei Local Security Checks | medium |
| 145337 | Fedora 32 : python-pillow (2021-880aa7bd27) | Nessus | Fedora Local Security Checks | medium |
| 145235 | Fedora 33 : mingw-python-pillow / python-pillow (2021-a8ddc1ce70) | Nessus | Fedora Local Security Checks | medium |
| 145048 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Pillow vulnerabilities (USN-4697-1) | Nessus | Ubuntu Local Security Checks | medium |
| 144867 | GLSA-202101-08 : Pillow: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |