CVE-2021-25289 log

Severity Medium
Remote No
Type Arbitrary code execution
A security issue was found in python-pillow before version 8.1.1. The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c, so the potentially exploitable heap-based buffer overflow when decoding crafted YCbCr files is still possible.
Group Package Affected Fixed Severity Status Ticket
AVG-1439 python2-pillow 6.2.1-3 Medium Unknown
AVG-1635 python-pillow 8.1.0-1 8.1.2-1 Medium Fixed FS#70044