logo

Database

Out-of-bounds read In pillow

Description

Integer overflow in Pillow libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-53102. NVD-2020-53103. OSV-DEBIAN-2020-53104. OSV-2020-53105. OSV-ALPINE-2020-53106. GHSA-vcqg-3p29-xw737. GCVE-2020-53108. SECURITY-TRACKER-CVE-2020-53109. SECURITY-CVE-2020-5310

References

1. https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c42. https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml3. https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml4. https://lists.fedoraproject.org/archives/list/[email protected]/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A5. https://lists.fedoraproject.org/archives/list/[email protected]/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P6. https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html7. https://usn.ubuntu.com/4272-1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.