First published: Mon Apr 01 2024
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
pip/pillow | <10.3.0 | 10.3.0 |
ubuntu/pillow | <5.1.0-1ubuntu0.8+ | 5.1.0-1ubuntu0.8+ |
ubuntu/pillow | <7.0.0-4ubuntu0.9 | 7.0.0-4ubuntu0.9 |
ubuntu/pillow | <9.0.1-1ubuntu0.3 | 9.0.1-1ubuntu0.3 |
ubuntu/pillow | <10.0.0-1ubuntu0.2 | 10.0.0-1ubuntu0.2 |
ubuntu/pillow | <10.2.0-1ubuntu1 | 10.2.0-1ubuntu1 |
ubuntu/pillow | <2.3.0-1ubuntu3.4+ | 2.3.0-1ubuntu3.4+ |
ubuntu/pillow | <10.3.0 | 10.3.0 |
ubuntu/pillow | <3.1.2-0ubuntu1.6+ | 3.1.2-0ubuntu1.6+ |
ubuntu/pillow-python2 | <6.2.1-3ubuntu0.1~ | 6.2.1-3ubuntu0.1~ |
redhat/pillow | <10.3.0 | 10.3.0 |
debian/pillow | 8.1.2+dfsg-0.3+deb11u2, 9.4.0-1.1+deb12u1, 10.4.0-1 |