
Mageia: 2020-0434 Severe: Python-Pillow Out-Of-Bounds Issues

Mageia, November 23, 2020
Updated python-pillow packages for Mageia fix several out-of-bounds memory access vulnerabilities in the library's image decoders.

Summary

Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177).
In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer (CVE-2020-10378).
An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality (CVE-2020-10994).
An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest threat from this vulnerability is to data confidentiality and in...
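The advisory text quotes the affected upstream ranges (Pillow before 6.2.3 and 7.x before 7.0.1) and warns that any application decoding untrusted images with those releases is exposed. As an added example, not part of the Mageia advisory, the following Python helper encodes those ranges so a deployment inventory can flag interpreters that still import an unpatched upstream Pillow. The function names (`parse_version`, `upstream_affected`, `installed_pillow_status`) are this example's own.

```python
"""Flag Pillow versions inside the ranges named in MGASA-2020-0434:
Pillow before 6.2.3 and 7.x before 7.0.1 (CVE-2020-10177,
CVE-2020-10378, CVE-2020-10994, CVE-2020-11538).
Example code; the fixed-version constants come from the advisory text."""
import re

# Upstream releases that carry the fixes, as stated in the advisory.
FIXED_6X = (6, 2, 3)
FIXED_7X = (7, 0, 1)


def parse_version(text):
    """Reduce '6.2.3', '7.0.0.post1' or '6.2' to a comparable 3-int tuple.
    Only the leading dotted numeric segments are used; suffixes such as
    '.post1' or 'rc1' are ignored for this coarse range check."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


def upstream_affected(version_text):
    """True if an unmodified upstream release of this version falls in the
    advisory's affected range.

    Caveat: distributions backport fixes without bumping the upstream
    version. Mageia's fixed package is python-pillow-5.4.1-1.3.mga7, so on
    a Mageia host the package release, not PIL.__version__, is the real
    indicator. Treat this as an upstream-version heuristic only."""
    version = parse_version(version_text)
    major = version[0]
    if major < 6:
        return True            # every release before 6.2.3 is affected
    if major == 6:
        return version < FIXED_6X
    if major == 7:
        return version < FIXED_7X
    return False               # 8.x and later shipped after the fixes


def installed_pillow_status():
    """Describe the Pillow importable in this interpreter, or None if absent."""
    try:
        import PIL
    except ImportError:
        return None
    return {
        "version": PIL.__version__,
        "upstream_affected": upstream_affected(PIL.__version__),
    }


if __name__ == "__main__":
    # Constructed sample inputs spanning the advisory's boundaries.
    for sample in ("5.4.1", "6.2.2", "6.2.3", "7.0.0", "7.0.1", "8.0.0"):
        print(f"{sample:8} upstream_affected={upstream_affected(sample)}")
    print("installed:", installed_pillow_status())
```

Run it inside each Python environment that processes user-supplied images; a `True` result for an interpreter that is not using a distribution-patched package means image decoding should be disabled or the package upgraded before that service keeps accepting uploads.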

References

- https://bugs.mageia.org/show_bug.cgi?id=26919

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HOKHNWV2VS5GESY7IBD237E7C6T3I427/

- https://www.cve.org/CVERecord?id=CVE-2020-10177

- https://www.cve.org/CVERecord?id=CVE-2020-10378

- https://www.cve.org/CVERecord?id=CVE-2020-10994

- https://www.cve.org/CVERecord?id=CVE-2020-11538

Resolution

SRPMS

- 7/core/python-pillow-5.4.1-1.3.mga7

Publication date: 23 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0434.html
Type: security
CVE: CVE-2020-10177, CVE-2020-10378, CVE-2020-10994, CVE-2020-11538
