CVE-2020-35655 log

Source
Severity Low
Remote No
Type Denial of service
Description
In python-pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
Group Package Affected Fixed Severity Status Ticket
AVG-1439 python2-pillow 6.2.1-3 Medium Vulnerable
AVG-1438 python-pillow 8.0.1-3 8.1.0-1 Medium Fixed
Date Advisory Group Package Severity Description
12 Jan 2021 ASA-202101-11 AVG-1438 python-pillow Medium multiple issues
References
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
https://github.com/python-pillow/Pillow/pull/5173
https://github.com/python-pillow/Pillow/commit/7e95c63fa7f503f185d3d9eb16b9cee1e54d1e46
https://github.com/python-pillow/Pillow/commit/9a2c9f722f78773e608d44710873437baf3f17d1