GHSA-p43w-g3c5-g5mq

Source

https://github.com/advisories/GHSA-p43w-g3c5-g5mq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-p43w-g3c5-g5mq/GHSA-p43w-g3c5-g5mq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p43w-g3c5-g5mq

Aliases

BIT-pillow-2021-25293
CVE-2021-25293
PYSEC-2021-39

Published

2021-03-29T16:35:27Z

Modified

2024-03-26T19:31:23.387898Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Out of bounds read in Pillow

Details

An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-25293
https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
https://github.com/python-pillow/Pillow
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://security.gentoo.org/glsa/202107-33

Affected packages

PyPI / pillow

Package

Name: pillow; View open source insights on deps.dev
Purl: pkg:pypi/pillow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

8.1.1

Affected versions

4.*

4.3.0

5.*

5.0.0

5.1.0

5.2.0

5.3.0

5.4.0.dev0

5.4.0

5.4.1

6.*

6.0.0

6.1.0

6.2.0

6.2.1

6.2.2

7.*

7.0.0

7.1.0

7.1.1

7.1.2

7.2.0

8.*

8.0.0

8.0.1

8.1.0