CVE-2020-35653 - log

CVE-2020-35653 edited at 12 Jan 2021 09:50:19
Description
- In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
+ In python-pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
CVE-2020-35653 edited at 12 Jan 2021 09:49:53
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
References
+ https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
+ https://github.com/python-pillow/Pillow/pull/5174
+ https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
Notes
CVE-2020-35653 created at 12 Jan 2021 09:47:14