CVE-2020-10994

Published: 25/06/2020 | Updated: 27/07/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In libImaging/Jpeg2KDecode.c in Pillow prior to 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

Vulnerable Product

python pillow

Github Repositories

CPython bytecode instrumentation and forkserver tools for fuzzing pure python and mixed python/c code using AFL

cpytraceafl

CPython bytecode instrumentation and forkserver tools for fuzzing python code using AFL. The tools in this repository enable coverage-guided fuzzing of pure python and mixed python/c code using American Fuzzy Lop (even better, AFL++). There are three main parts to this: A bytecode rewriter using a technique inspired by Ned Batchelder's "wicked