AVG-1438 log
| Package | python-pillow |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 8.0.1-3 |
| Fixed | 8.1.0-1 |
| Current | 11.0.0-3 [extra] |
| Ticket | None |
| Created | Tue Jan 12 09:47:14 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-35655 | Low | No | Denial of service | In python-pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over- read when decoding crafted SGI RLE image files because offsets and length tables are... |
| CVE-2020-35654 | Medium | No | Arbitrary code execution | In python-pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts... |
| CVE-2020-35653 | Medium | No | Information disclosure | In python-pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 12 Jan 2021 | ASA-202101-11 | python-pillow | multiple issues |
| References |
|---|
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security |