Vulnerability CVE-2020-10379
Published: 2020-06-25

Description:
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c.

Type:

CWE-120

 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Python -> Pillow 

 References:
https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
https://github.com/python-pillow/Pillow/commits/master/src/libImaging
https://github.com/python-pillow/Pillow/pull/4538
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
Copyright 2024, cxsecurity.com

 

Back to Top