vulnerability

Oracle Linux: CVE-2020-5311: ELSA-2020-0580: python-pillow security update (IMPORTANT) (Multiple Advisories)

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 3, 2020
Added
Oct 5, 2022
Modified
Jan 7, 2025

Description

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.

Solution

oracle-linux-upgrade-python3-pillow
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.