In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
References
Configurations
History
07 Nov 2023, 03:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
22 Apr 2022, 18:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
First Time |
Debian
Debian debian Linux |
|
References |
|
29 Jan 2021, 00:47
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jan 2021, 20:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 7.1 |
12 Jan 2021, 14:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 | |
CPE | cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 8.1 |
References | (MISC) https://pillow.readthedocs.io/en/stable/releasenotes/index.html - Release Notes, Third Party Advisory |
12 Jan 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-12 09:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35653
Mitre link : CVE-2020-35653
CVE.ORG link : CVE-2020-35653
JSON object : View
Products Affected
debian
- debian_linux
python
- pillow
fedoraproject
- fedora
CWE
CWE-125
Out-of-bounds Read