Published: 03/01/2020 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

libImaging/TiffDecode.c in Pillow prior to 6.2.2 has a TIFF decoding integer overflow, related to realloc.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python pillow
canonical ubuntu linux 18.04
fedoraproject fedora 30
canonical ubuntu linux 14.04
canonical ubuntu linux 19.10
fedoraproject fedora 31
canonical ubuntu linux 16.04

Synopsis Moderate: Red Hat Quay v340 security update Type/Severity Security Advisory: Moderate Topic Red Hat Quay 340 is now available with bug fixes and variousenhancementsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVS ...

Debian Bug report logs - #948224 pillow: CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 Package: pillow; Maintainer for pillow is Matthias Klose <doko@debianorg>; Reported by: Markus Koschany <apo@debianorg> Date: Sun, 5 Jan 2020 15:33:01 UTC Severity: grave Tags: security Found in version ...

Several security issues were fixed in Pillow ...

CWE-190 https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 https://usn.ubuntu.com/4272-1/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/https://access.redhat.com/errata/RHSA-2021:0420 https://usn.ubuntu.com/4272-1/https://nvd.nist.gov

CVE-2020-5310

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect