PT-2020-12212 · Psd Tools · Psd-Tools

Kyamagu · Published 2020-03-14 · Updated 2020-03-19 · CVE-2020-10571

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

psd-tools versions prior to 1.9.4

Description

An issue was discovered in the Cython implementation of RLE decoding: it did not check for malicious or malformed PSD input data during decoding to the PIL.Image or NumPy format, leading to a buffer overflow.

Recommendations

For versions prior to 1.9.4, upgrade to version 1.9.4 to resolve the issue. For an existing psd-tools installation that includes the Cython extension, the advised temporary workaround is likewise to upgrade to version 1.9.4. When psd-tools is installed without Cython present, the buffer overflow does not occur; an IndexError is thrown instead.
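
An added example (not code from psd-tools or from this advisory) of the kind of length validation the description says was missing: a pure-Python decoder for PackBits, the RLE scheme PSD uses for compressed channel rows, that checks every run against both the input and the declared row size. The function, exception and sample names are hypothetical, and the sample rows are constructed.

```python
# Added illustration; not psd-tools source. All names are hypothetical.

class RLEDecodeError(ValueError):
    """Raised when a PackBits stream does not fit its declared row size."""


def decode_packbits(data: bytes, expected_size: int) -> bytes:
    """Decode one PackBits row into exactly expected_size bytes.

    Every read from `data` and every write into the output buffer is
    checked against its length, so run lengths taken from the file
    cannot move either cursor outside its buffer.
    """
    if expected_size < 0:
        raise RLEDecodeError("negative output size")
    out = bytearray(expected_size)
    src = dst = 0
    while src < len(data):
        header = data[src]
        src += 1
        if header == 128:            # no-op marker
            continue
        if header < 128:             # literal run: copy header+1 bytes
            count = header + 1
            if src + count > len(data):
                raise RLEDecodeError("literal run reads past end of input")
            if dst + count > expected_size:
                raise RLEDecodeError("literal run overflows output row")
            out[dst:dst + count] = data[src:src + count]
            src += count
        else:                        # repeat run: next byte, 257-header times
            count = 257 - header
            if src >= len(data):
                raise RLEDecodeError("repeat run is missing its value byte")
            if dst + count > expected_size:
                raise RLEDecodeError("repeat run overflows output row")
            out[dst:dst + count] = bytes([data[src]]) * count
            src += 1
        dst += count
    if dst != expected_size:
        raise RLEDecodeError("decoded %d bytes, expected %d" % (dst, expected_size))
    return bytes(out)


# Constructed samples: a well-formed 8-byte row, and a row whose repeat
# run claims 128 bytes although the declared row is only 8 bytes wide.
GOOD_ROW = bytes([0x02, 0x41, 0x42, 0x43, 0xFC, 0x5A])
BAD_ROW = bytes([0x81, 0xFF])
```

In a compiled decoder that writes through raw pointers, the same checks are what keep a row like `BAD_ROW` from writing past the end of the output buffer.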

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2020-10571
GHSA-22JR-VC7J-G762
PYSEC-2020-91

Affected Products

Psd-Tools