| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Arbitrary code execution |
|
| Description |
| + |
A security issue was found in python-pillow before version 8.1.1. The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c, so the potentially exploitable heap-based buffer overflow when decoding crafted YCbCr files is still possible. |
|
| References |
| + |
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html |
| + |
https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299 |
|
| Notes |
|