CVE-2020-5310

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 6.2.2

Description The issue is related to a TIFF decoding integer overflow in the libImaging/TiffDecode.c file of the Pillow library. This overflow is connected to the realloc function. The exploitation of this issue could allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 6.2.2, update to version 6.2.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the libImaging/TiffDecode.c function for TIFF decoding until a patch is applied.

Fix

Integer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-122

Related Identifiers

BDU:2020-05772

BIT-PILLOW-2020-5310

CVE-2020-5310

GHSA-VCQG-3P29-XW73

MGASA-2020-0088

PYSEC-2020-81

USN-4272-1

Affected Products

Pillow

Ubuntu

CVE-2020-5310

Weakness Enumeration

Related Identifiers

Affected Products

References · 33