Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-5310: 6.2.2

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

CVE

Back to top

Edit this page

Toggle table of contents sidebar

Security#

This release addresses several security problems.

CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fixed by limiting the number of bands to those usable by Pillow.

Buffer overruns were found when processing an SGI (CVE-2020-5311), PCX (CVE-2020-5312) or FLI image (CVE-2020-5313). Checks have been added to prevent this.

CVE-2020-5310: Overflow checks have been added when calculating the size of a memory block to be reallocated in the processing of a TIFF image.

Related news

RHEA-2020:2011: Red Hat Enhancement Advisory: CNV 2.3.0 Images

Container-native virtualization release 2.3.0 is now available with updates to packages and images that fix several bugs and add enhancements.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-1701: virt-handler: virt-handler daemonset clusterroles allows retrieval of secrets * CVE-2020-1742: nmstate/kubernetes-nmstate-handler: /etc/passwd is given incorrect privileges

CVE-2020-5313: Catch FLI buffer overrun · python-pillow/Pillow@a09acd0

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907