GHSA-hf64-x4gq-p99h

Source

https://github.com/advisories/GHSA-hf64-x4gq-p99h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-hf64-x4gq-p99h/GHSA-hf64-x4gq-p99h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hf64-x4gq-p99h

Aliases

Published

2021-03-18T19:55:34Z

Modified

2024-10-08T13:23:04.536308Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator

Summary

Pillow Out-of-bounds Read

Details

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

References

Affected packages

PyPI / pillow

Package

Name: pillow; View open source insights on deps.dev
Purl: pkg:pypi/pillow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

8.1.0

Affected versions

4.*

4.3.0

5.*

5.0.0

5.1.0

5.2.0

5.3.0

5.4.0.dev0

5.4.0

5.4.1

6.*

6.0.0

6.1.0

6.2.0

6.2.1

6.2.2

7.*

7.0.0

7.1.0

7.1.1

7.1.2

7.2.0

8.*

8.0.0

8.0.1