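CVE-2020-10378: In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files, because state->shuffle can be instructed to read beyond the end of state->buffer. Versions before 7.1.0 are affected, so upgrading to Pillow 7.1.0 or later addresses the issue.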
{ "vanir_signatures": [ { "signature_version": "v1", "digest": { "length": 1418.0, "function_hash": "237027674255937501286717290487134717202" }, "id": "CVE-2020-10378-78acc16d", "deprecated": false, "target": { "file": "src/libImaging/PcxDecode.c", "function": "ImagingPcxDecode" }, "signature_type": "Function", "source": "https://github.com/python-pillow/pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "25901954450279011341742658171344170564", "4064274618583996555694994057645488849", "28176007691574792831032194145824532472", "217779631413749524162890180010505715716", "100250632816792623213214653223208827946", "24042758865160182801373950721837609446", "216173328986995126865716644862015367760" ] }, "id": "CVE-2020-10378-ee72a343", "deprecated": false, "target": { "file": "src/libImaging/PcxDecode.c" }, "signature_type": "Line", "source": "https://github.com/python-pillow/pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7" } ] }