High severityNVD Advisory· Published Jun 25, 2020· Updated Aug 4, 2024
CVE-2020-10379
CVE-2020-10379
Description
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pillowPyPI | < 7.1.0 | 7.1.0 |
Affected products
3- Pillow/Pillowdescription
- osv-coords2 versions
< 7.1.0+ 1 more
- (no CPE)range: < 7.1.0
- (no CPE)range: < 7.1.0
Patches
Vulnerability mechanics
References
16- github.com/advisories/GHSA-8843-m7mw-mxqmghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-10379ghsaADVISORY
- usn.ubuntu.com/4430-2/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-78.yamlghsaWEB
- github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbbghsax_refsource_MISCWEB
- github.com/python-pillow/Pillow/commits/master/src/libImagingghsax_refsource_MISCWEB
- github.com/python-pillow/Pillow/issues/4750ghsaWEB
- github.com/python-pillow/Pillow/pull/4538ghsax_refsource_MISCWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGDghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427ghsaWEB
- pillow.readthedocs.io/en/stable/releasenotes/6.2.3.htmlghsaWEB
- pillow.readthedocs.io/en/stable/releasenotes/7.1.0.htmlghsax_refsource_CONFIRMWEB
- snyk.io/vuln/SNYK-PYTHON-PILLOW-574577ghsaWEB
- usn.ubuntu.com/4430-2ghsaWEB
News mentions
0No linked articles in our index yet.