AVG-1439 log

Package python2-pillow
Status Vulnerable
Severity Medium
Type multiple issues
Affected 6.2.1-3
Fixed Unknown
Current 6.2.1-3 [community]
Ticket Create
Created Tue Jan 12 10:01:10 2021
Issue Severity Remote Type Description
CVE-2020-35655 Low No Denial of service
In python-pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over- read when decoding crafted SGI RLE image files because offsets and length tables are...
CVE-2020-35654 Medium No Arbitrary code execution
In python-pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
CVE-2020-35653 Medium No Information disclosure
In python-pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for...
References
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
Notes
python-pillow 7.0.0 dropped support for the end of life Python 2.7, so these issues are unlikely to be fixed in this legacy version of python-pillow, which is retained only for compatibility reasons.