New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilidade Out-of-bounds #39

Open

vinisec opened this issue Oct 14, 2021 · 0 comments

Labels

vinisec commented Oct 14, 2021

Descreva a vulnerabilidade de segurança (se houver CVE, coloque como
referência)

Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c.

References
https://nvd.nist.gov/vuln/detail/CVE-2020-10177
python-pillow/Pillow#4503
python-pillow/Pillow#4538
https://github.com/python-pillow/Pillow/commits/master/src/libImaging
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
https://usn.ubuntu.com/4430-1/
https://usn.ubuntu.com/4430-2/
https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html

Classifique a prioridade de correção, de acordo com a severidade da
vulnerabilidade 90 dias

vinisec added the security label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment