PT-2020-12049 · Python Imaging Library · Pillow

Hugovk · Published 2020-06-25 · Updated 2024-03-06 · CVE-2020-10379

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Pillow versions prior to 7.1.0. This covers every 7.0.x release and all 6.x and earlier releases; the fix is first present in 7.1.0.

Description

Pillow before 7.1.0 contains two buffer overflows in libImaging/TiffDecode.c, the native (C) TIFF decoder that runs when a TIFF image's pixel data is loaded. A crafted TIFF file can make the decoder write past the bounds of its buffer, a memory-safety fault in whatever process performs the decoding (a web application thumbnailing uploads, a mail gateway, a batch converter). The CVSS v4.0 vector (AV:N, PR:N, UI:P, VC:H/VI:H/VA:H) reflects the usual exposure: a remote, unauthenticated attacker supplies the file, the only interaction required is that a user or service opens it, and the impact on the vulnerable component is high for confidentiality, integrity and availability.

Recommendations

Upgrade Pillow to 7.1.0 or later; no earlier release, including any 7.0.x or 6.x release, contains the fix. Where upgrading is not immediately possible, keep TIFF data from untrusted sources away from Pillow entirely: reject it up front (a TIFF file is identifiable from its first four bytes) so that the vulnerable decoder in libImaging/TiffDecode.c is never invoked. Restricting access to the TiffDecode.c source file is not a mitigation, because the decoder is compiled into the PIL extension module that is already loaded into the process.
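The two checks the recommendations call for, as an added example (not code from the advisory or from the Pillow project): a version test against the 7.1.0 fix boundary, and a magic-byte sniff that refuses TIFF input while an affected Pillow is installed. The helper names, the sample byte strings and the `open_untrusted_image` wrapper are this example's own; the TIFF signatures are the classic and BigTIFF byte-order/magic pairs, plus the two mismatched combinations that Pillow's TIFF plugin also accepts.

```python
"""Pre-decode guard for CVE-2020-10379 (TIFF buffer overflows in Pillow < 7.1.0).

Added example, not part of the advisory or of Pillow itself. Two checks a
deployment can run: (1) is the installed Pillow old enough to be affected, and
(2) does an untrusted blob look like a TIFF, so it can be rejected before the
native TIFF decoder in libImaging/TiffDecode.c ever sees it.
"""
import io
import re

FIXED_IN = (7, 1, 0)  # first Pillow release containing the TiffDecode.c fixes

# Leading four bytes of a TIFF file: byte-order mark followed by the magic
# number (42 for classic TIFF, 43 for BigTIFF). The last two entries are
# byte-order/magic mismatches that are not valid TIFF but that Pillow's TIFF
# plugin nevertheless recognises, so a guard must reject them too.
TIFF_MAGIC = (
    b"II\x2a\x00",  # little-endian classic TIFF
    b"MM\x00\x2a",  # big-endian classic TIFF
    b"II\x2b\x00",  # little-endian BigTIFF
    b"MM\x00\x2b",  # big-endian BigTIFF
    b"MM\x2a\x00",  # mismatched, accepted by Pillow
    b"II\x00\x2a",  # mismatched, accepted by Pillow
)


def parse_version(version):
    """Return (major, minor, patch) from a version string such as '7.1.0'.

    Suffixes like '.post1' or 'rc1' are ignored; they do not affect whether
    the release predates the fix.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError("unrecognised version string: %r" % (version,))
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(version):
    """True if this Pillow version predates the 7.1.0 fix for CVE-2020-10379."""
    return parse_version(version) < FIXED_IN


def installed_pillow_version():
    """Version string of the Pillow importable here, or None if absent."""
    try:
        import PIL
    except ImportError:
        return None
    # PIL.__version__ exists from 5.2.0; older releases only had PILLOW_VERSION.
    return getattr(PIL, "__version__", None) or getattr(PIL, "PILLOW_VERSION", None)


def looks_like_tiff(data):
    """True if the first four bytes carry a TIFF signature Pillow would accept."""
    return bytes(data[:4]) in TIFF_MAGIC


def open_untrusted_image(data):
    """Decode image bytes with Pillow, refusing TIFF on an affected build.

    The check runs on the raw bytes before Image.open, so the file never
    reaches Pillow's format sniffing or the native decoder.
    """
    version = installed_pillow_version()
    if version is None:
        raise RuntimeError("Pillow is not installed")
    if is_vulnerable(version) and looks_like_tiff(data):
        raise ValueError(
            "refusing TIFF input: Pillow %s is affected by CVE-2020-10379; "
            "upgrade to 7.1.0 or later" % version
        )
    from PIL import Image
    img = Image.open(io.BytesIO(data))
    img.load()  # pixel decoding, and hence the native decoder, runs here, not in open()
    return img


if __name__ == "__main__":
    # Constructed sample headers, not real images: just enough bytes to sniff.
    samples = {
        "little-endian TIFF": b"II\x2a\x00\x08\x00\x00\x00",
        "big-endian TIFF": b"MM\x00\x2a\x00\x00\x00\x08",
        "PNG": b"\x89PNG\r\n\x1a\n",
    }
    for name, blob in samples.items():
        print("%-18s tiff=%s" % (name, looks_like_tiff(blob)))
    for v in ("6.2.2", "7.0.0", "7.1.0", "8.4.0"):
        print("Pillow %-6s vulnerable=%s" % (v, is_vulnerable(v)))
    print("installed Pillow:", installed_pillow_version())
```

The sniff runs on the first four bytes, which is the same decision Pillow's own TIFF plugin makes when identifying a file, so anything the guard passes as non-TIFF will not be routed to the TIFF decoder either. Once Pillow is at 7.1.0 or later the guard becomes a no-op and can be removed.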

Fix

Included in Pillow 7.1.0 (see Recommendations above).

Weakness Enumeration

Buffer Overflow

Related Identifiers

BIT-PILLOW-2020-10379
CVE-2020-10379
GHSA-8843-M7MW-MXQM
PYSEC-2020-78
USN-4430-2

Affected Products

Linuxmint
Pillow
Ubuntu