| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Arbitrary code execution |
|
| Description |
| + |
In python-pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
|
| References |
| + |
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security |
| + |
https://github.com/python-pillow/Pillow/pull/5175 |
| + |
https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c |
| + |
https://github.com/python-pillow/Pillow/commit/45a62e91b1f72e79989a7919af97b062dc8dfaf4 |
|
| Notes |
|