CVE-2020-5310 — Integer Overflow or Wraparound in Pillow

CWE-190 — Integer Overflow or Wraparound13 documents9 sources

Severity

8.8HIGHNVD

OSV7.5

EPSS

0.6%

top 30.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Pillow Canonical Ubuntu Linux Fedoraproject Fedora +1 more

Timeline

PublishedJan 3

Latest updateFeb 14

Description

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDpython/pillow< 6.2.2

▶PyPIpython/pillow< 6.2.2

▶Debianpython/pillow< 7.0.0-1+3

▶Ubuntupython/pillow< 3.1.2-0ubuntu1.3+2

▶Palo Altopaloalto/pan-os

Also affects: Fedora 30, 31, Ubuntu Linux 14.04, 16.04, 18.04, 19.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Integer overflow in Pillow↗2021-11-03

▶

OSV

Integer overflow in Pillow↗2021-11-03

▶

OSV

pillow vulnerabilities↗2020-02-06

▶

CVEList

CVE-2020-5310: libImaging/TiffDecode↗2020-01-03

▶

OSV

CVE-2020-5310: libImaging/TiffDecode↗2020-01-03

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

Pillow vulnerabilities↗2020-02-06

▶

Red Hat

python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode↗2020-01-03

▶

Debian

CVE-2020-5310: pillow - libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overf...↗2020

▶

💬Community

Bugzilla

CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 python3-pillow: various flaws [epel-7]↗2020-01-09

▶

Bugzilla

CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 python-pillow: various flaws [fedora-all]↗2020-01-09

▶

Bugzilla

CVE-2020-5310 python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode↗2020-01-09

▶