ArchLinux: 202101-11: python-pillow: multiple issues
Summary
- CVE-2020-35653 (information disclosure)
In python-pillow before 8.1.0, PcxDecode has a buffer over-read when
decoding a crafted PCX file because the user-supplied stride value is
trusted for buffer calculations.
- CVE-2020-35654 (arbitrary code execution)
In python-pillow before 8.1.0, TiffDecode has a heap-based buffer
overflow when decoding crafted YCbCr files because of certain
interpretation conflicts with LibTIFF in RGBA mode.
- CVE-2020-35655 (denial of service)
In python-pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-
read when decoding crafted SGI RLE image files because offsets and
length tables are mishandled.
Resolution
Upgrade to 8.1.0-1.
# pacman -Syu "python-pillow>=8.1.0-1"
The problems have been fixed upstream in version 8.1.0.
References
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security https://github.com/python-pillow/Pillow/pull/5174 https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf https://github.com/python-pillow/Pillow/pull/5175 https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c https://github.com/python-pillow/Pillow/commit/45a62e91b1f72e79989a7919af97b062dc8dfaf4 https://github.com/python-pillow/Pillow/pull/5173 https://github.com/python-pillow/Pillow/commit/7e95c63fa7f503f185d3d9eb16b9cee1e54d1e46 https://github.com/python-pillow/Pillow/commit/9a2c9f722f78773e608d44710873437baf3f17d1 https://security.archlinux.org/CVE-2020-35653 https://security.archlinux.org/CVE-2020-35654 https://security.archlinux.org/CVE-2020-35655
Workaround
None.