CVE-2020-10177 — Out-of-bounds Read in Pillow
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 44.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 25
Latest updateFeb 20
Description
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 9.0, Fedora 31, 32, Ubuntu Linux 16.04, 18.04, 20.04
Patches
🔴Vulnerability Details
5📋Vendor Advisories
5Debian▶
CVE-2020-10177: pillow - Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.↗2020
📄Research Papers
1💬Community
4Bugzilla▶
CVE-2020-10177 python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c [fedora-31]↗2020-07-01
Bugzilla
▶
Bugzilla▶
CVE-2020-10177 python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c [fedora-32]↗2020-07-01
Bugzilla▶
CVE-2018-10177 ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file↗2018-04-26