vulnerability
Oracle Linux: CVE-2020-5311: ELSA-2020-0580: python-pillow security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jan 3, 2020 | Oct 5, 2022 | Jan 7, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 3, 2020
Added
Oct 5, 2022
Modified
Jan 7, 2025
Description
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.
An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.
Solution
oracle-linux-upgrade-python3-pillow

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.