logo

Database

Improper resource allocation - Buffer overflow In pillow

Description

Buffer Copy without Checking Size of Input in Pillow libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 11

10

Aliases

1. CVE-2020-53112. NVD-2020-53113. OSV-DEBIAN-2020-53114. OSV-2020-53115. OSV-ALPINE-2020-53116. GHSA-r7rm-8j6h-r9337. GCVE-2020-53118. SECURITY-TRACKER-CVE-2020-53119. access.redhat.com10. access.redhat.com11. SECURITY-CVE-2020-5311

References

1. https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f32. https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-82.yaml3. https://lists.fedoraproject.org/archives/list/[email protected]/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A4. https://lists.fedoraproject.org/archives/list/[email protected]/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P5. https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html6. https://usn.ubuntu.com/4272-17. https://www.debian.org/security/2020/dsa-4631

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.