pillow is vulnerable to denial of service (DoS). The vulnerability exists as there was a lack of sanity check on xsize
when decoding Pcx
images with the P
mode.
CPE | Name | Operator | Version |
---|---|---|---|
pillow | le | 6.2.1 | |
python-imaging | eq | 1.1.6__19.el6 |
access.redhat.com/errata/RHSA-2020:0566
access.redhat.com/errata/RHSA-2020:0578
access.redhat.com/errata/RHSA-2020:0580
access.redhat.com/errata/RHSA-2020:0681
access.redhat.com/errata/RHSA-2020:0683
access.redhat.com/errata/RHSA-2020:0694
github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
lists.fedoraproject.org/archives/list/[email protected]/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
lists.fedoraproject.org/archives/list/[email protected]/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
usn.ubuntu.com/4272-1/
www.debian.org/security/2020/dsa-4631