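In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when decoding a PCX file: state->shuffle can be instructed to read beyond the end of state->buffer. The signatures below reference upstream commit 6a83e4324738bb0452fbe8074a995b1c73f08de7 and target the ImagingPcxDecode function in src/libImaging/PcxDecode.c; Pillow 7.1.0 and later are outside the affected range.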
{ "vanir_signatures": [ { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "id": "CVE-2020-10378-78acc16d", "source": "https://github.com/python-pillow/pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7", "digest": { "function_hash": "237027674255937501286717290487134717202", "length": 1418.0 }, "target": { "file": "src/libImaging/PcxDecode.c", "function": "ImagingPcxDecode" } }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "id": "CVE-2020-10378-ee72a343", "source": "https://github.com/python-pillow/pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7", "digest": { "line_hashes": [ "25901954450279011341742658171344170564", "4064274618583996555694994057645488849", "28176007691574792831032194145824532472", "217779631413749524162890180010505715716", "100250632816792623213214653223208827946", "24042758865160182801373950721837609446", "216173328986995126865716644862015367760" ], "threshold": 0.9 }, "target": { "file": "src/libImaging/PcxDecode.c" } } ] }