PT-2020-12675 · Pillow+5

Hugovk · Published 2020-06-25 · Updated 2024-03-06 · CVE-2020-11538

CVSS v4.0: 9.2 (Critical)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 7.0.1

Description: The issue exists in the parsing of SGI image files, where a number of out-of-bounds reads are present in the libImaging/SgiRleDecode.c module.

Recommendations: For versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BIT-PILLOW-2020-11538
CESA-2020_3185
CVE-2020-11538
GHSA-43FQ-W8QQ-V88H
MGASA-2020-0434
PYSEC-2020-80
RHSA-2020:3185
RHSA-2020:3299
RHSA-2020:3302
RHSA-2020_3185
RLSA-2020:3185
SUSE-RU-2020:2161-1
USN-4430-1
USN-4430-2

Affected Products

CentOS
Linux Mint
Pillow
Red Hat
Rocky Linux
Ubuntu