PT-2020-6235 · Pillow+4

Radarhere

Published: 2020-01-03 · Updated: 2024-03-06

CVE-2020-5313

CVSS v4.0: 8.3 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2

Description: The issue is an out-of-bounds read in libImaging/FliDecode.c, the FLI/FLC image decoder of the Pillow image processing library. A remote attacker can exploit this buffer over-read to gain access to confidential information or cause a denial of service. The vulnerability consists in reading beyond the permissible boundaries of a data buffer.

Recommendations: For Pillow versions prior to 6.2.2, update to version 6.2.2 or later to resolve the issue. As a temporary workaround, consider restricting use of the FLI decoder (libImaging/FliDecode.c) until the patch is applied.

Fix

Weakness Enumeration: Out-of-bounds Read

Related Identifiers

BDU:2021-03636
BIT-PILLOW-2020-5313
CESA-2020_3185
CESA-2020_3887
CVE-2020-5313
DLA-2057-1
DSA-4631-1
GHSA-HJ69-C76V-86WR
MGASA-2020-0088
PYSEC-2020-84
RHSA-2020:3185
RHSA-2020:3887
RHSA-2020_3185
RHSA-2020_3887
RLSA-2020:3185
SUSE-RU-2020:2072-1
SUSE-RU-2020:2161-1
SUSE-SU-2020:1901-1
SUSE-SU-2020:2057-1
USN-4272-1

Affected Products

Centos
Pillow
Red Hat
Rocky Linux
Ubuntu