CVE-2020-35653 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
In python-pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Group Package Affected Fixed Severity Status Ticket
AVG-1439 python2-pillow 6.2.1-3 Medium Vulnerable
AVG-1438 python-pillow 8.0.1-3 8.1.0-1 Medium Fixed
Date Advisory Group Package Severity Description
12 Jan 2021 ASA-202101-11 AVG-1438 python-pillow Medium multiple issues
References
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
https://github.com/python-pillow/Pillow/pull/5174
https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf