CVE-2020-35654 — Out-of-bounds Write in Pillow

CWE-787 — Out-of-bounds Write CWE-120 — Classic Buffer Overflow17 documents8 sources

Severity

9.8CRITICALNVD

NVD8.8CNA8.8GHSA8.8OSV8.8OSV7.1

EPSS

0.2%

top 57.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Pillow Fedoraproject Fedora Paloalto Pan-os

Timeline

PublishedJan 12

Latest updateFeb 14

Description

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDpython/pillow< 8.1.0+1

▶PyPIpython/pillow< 8.1.0+1

▶Debianpython/pillow< 8.1.0-1+7

▶Ubuntupython/pillow< 3.1.2-0ubuntu1.5+2

▶Palo Altopaloalto/pan-os

Also affects: Fedora 32, 33

🔴Vulnerability Details

OSV

Out of bounds write in Pillow↗2021-03-29

▶

GHSA

Out of bounds write in Pillow↗2021-03-29

▶

CVEList

CVE-2021-25289: An issue was discovered in Pillow before 8↗2021-03-19

▶

OSV

CVE-2021-25289: An issue was discovered in Pillow before 8↗2021-03-19

▶

OSV

Pillow Out-of-bounds Write↗2021-03-18

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Red Hat

python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c↗2021-02-28

▶

Ubuntu

Pillow vulnerabilities↗2021-01-18

▶

Red Hat

python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow↗2021-01-03

▶

Debian

CVE-2021-25289: pillow - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buff...↗2021

▶