Oracle Linux: CVE-2020-5313: ELSA-2020-3185: python-pillow security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:N/A:P) | Jan 3, 2020 | Jul 30, 2020 | Dec 3, 2025 |
Description
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read memory of the application that they should not be allowed to read.
Solutions
- oracle-linux-upgrade-python3-pillow
- oracle-linux-upgrade-python-pillow
- oracle-linux-upgrade-python-pillow-devel
- oracle-linux-upgrade-python-pillow-doc
- oracle-linux-upgrade-python-pillow-qt
- oracle-linux-upgrade-python-pillow-sane
- oracle-linux-upgrade-python-pillow-tk