AVG-1438 log

Package python-pillow
Status Fixed
Severity Medium
Type multiple issues
Affected 8.0.1-3
Fixed 8.1.0-1
Current 8.4.0-1 [community]
Ticket None
Created Tue Jan 12 09:47:14 2021
Issue Severity Remote Type Description
CVE-2020-35655 Low No Denial of service
In python-pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over- read when decoding crafted SGI RLE image files because offsets and length tables are...
CVE-2020-35654 Medium No Arbitrary code execution
In python-pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
CVE-2020-35653 Medium No Information disclosure
In python-pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for...
Date Advisory Package Type
12 Jan 2021 ASA-202101-11 python-pillow multiple issues
References
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security