PT-2020-6248 · Python Imaging Library · Pillow

Hugovk · Published 2020-06-25 · Updated 2024-03-06 · CVE-2020-10177

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Pillow versions prior to 7.1.0
Pillow versions 7.x prior to 7.0.1
Pillow version 6.2.2 and earlier

Description

The issue is related to multiple out-of-bounds reads in libImaging/FliDecode.c. This could allow a remote attacker to access confidential data.

Recommendations

For Pillow versions prior to 7.1.0, update to version 7.1.0 or later.
For Pillow versions 7.x prior to 7.0.1, update to version 7.0.1 or later.
For Pillow version 6.2.2 and earlier, update to version 6.2.3 or later.

Fix

Weakness Enumeration

Out of bounds Read

Related Identifiers

BDU:2021-03717
BIT-PILLOW-2020-10177
CVE-2020-10177
DLA-2317-1
GHSA-CQHG-XJHH-P8HF
MGASA-2020-0434
PYSEC-2020-76
SUSE-RU-2020:2161-1
SUSE-SU-2020:2057-1
SUSE-SU-2020:2911-1
SUSE-SU-2020:3309-1
USN-4430-1
USN-4430-2
USN-4697-2

Affected Products

Linuxmint
Pillow
Ubuntu