vulnerability
Oracle Linux: CVE-2020-11538: ELSA-2020-3185: python-pillow security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 2020-07-01 | 2020-07-30 | 2024-11-29 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
2020-07-01
Added
2020-07-30
Modified
2024-11-29
Description
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solution
oracle-linux-upgrade-python3-pillow
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.