CVE-2020-5312Classic Buffer Overflow in Pillow

CWE-120Classic Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents9 sources
Severity
9.8CRITICALNVD
OSV7.5
EPSS
1.7%
top 17.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Python PillowCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedJan 3
Latest updateApr 10

Description

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDpython/pillow< 6.2.2
PyPIpython/pillow< 6.2.2
Debianpython/pillow< 7.0.0-1+3
Ubuntupython/pillow< 3.1.2-0ubuntu1.3+2
Palo Altopaloalto/pan-os

Also affects: Debian Linux 10.0, 9.0, Fedora 30, 31, Ubuntu Linux 14.04, 16.04, 18.04, 19.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
GHSA
PCX P mode buffer overflow in Pillow2021-11-03
OSV
PCX P mode buffer overflow in Pillow2021-11-03
OSV
pillow vulnerabilities2020-02-06
CVEList
CVE-2020-5312: libImaging/PcxDecode2020-01-03
OSV
CVE-2020-5312: libImaging/PcxDecode2020-01-03

📋Vendor Advisories

4
Palo Alto
PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS2024-04-10
Ubuntu
Pillow vulnerabilities2020-02-06
Red Hat
python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c2020-01-03
Debian
CVE-2020-5312: pillow - libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.2020

💬Community

3
Bugzilla
CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 python3-pillow: various flaws [epel-7]2020-01-09
Bugzilla
CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 python-pillow: various flaws [fedora-all]2020-01-09
Bugzilla
CVE-2020-5312 python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c2020-01-09
CVE-2020-5312 — Classic Buffer Overflow in Python | cvebase