BIT-pillow-2020-11538

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/pillow/BIT-pillow-2020-11538.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-pillow-2020-11538

Aliases

CVE-2020-11538
GHSA-43fq-w8qq-v88h
PYSEC-2020-80

Published

2024-03-06T11:06:47.992Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

References

https://github.com/python-pillow/Pillow/pull/4504
https://github.com/python-pillow/Pillow/pull/4538
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
https://usn.ubuntu.com/4430-1/
https://usn.ubuntu.com/4430-2/

Affected packages

Bitnami / pillow

Package

Name: pillow
Purl: pkg:bitnami/pillow

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.0