First published: Thu Jun 25 2020(Updated: )
A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Python Pillow | <7.1.0 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
redhat/python-pillow | <7.1.0 | 7.1.0 |
pip/Pillow | <7.1.0 | 7.1.0 |
ubuntu/pillow | <5.1.0-1ubuntu0.3 | 5.1.0-1ubuntu0.3 |
ubuntu/pillow | <7.0.0-4ubuntu0.1 | 7.0.0-4ubuntu0.1 |
ubuntu/pillow | <7.1.0 | 7.1.0 |
ubuntu/pillow | <3.1.2-0ubuntu1.4 | 3.1.2-0ubuntu1.4 |
debian/pillow | 5.4.1-2+deb10u3 5.4.1-2+deb10u6 8.1.2+dfsg-0.3+deb11u1 9.4.0-1.1 10.3.0-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this flaw in python-pillow is CVE-2020-10378.
The severity of CVE-2020-10378 is medium.
Versions up to and excluding 7.1.0 of python-pillow are affected by CVE-2020-10378.
The remedy for CVE-2020-10378 in ubuntu/pillow is version 3.1.2-0ubuntu1.4.
You can find more information about CVE-2020-10378 on the CVE website and NIST National Vulnerability Database.