In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
References
Configurations
History
07 Nov 2023, 03:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
22 Mar 2021, 15:48
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/ - Mailing List, Third Party Advisory |
15 Mar 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jan 2021, 00:48
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jan 2021, 14:10
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://pillow.readthedocs.io/en/stable/releasenotes/index.html - Release Notes, Third Party Advisory | |
CPE | cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
CWE | CWE-787 |
12 Jan 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-12 09:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35654
Mitre link : CVE-2020-35654
CVE.ORG link : CVE-2020-35654
JSON object : View
Products Affected
python
- pillow
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write