CVE-2020-5313Out-of-bounds Read in Pillow

CWE-125Out-of-bounds Read13 documents9 sources
Severity
7.1HIGHNVD
OSV7.5
EPSS
0.6%
top 31.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Python PillowCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedJan 3
Latest updateFeb 14

Description

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages5 packages

NVDpython/pillow< 6.2.2
PyPIpython/pillow< 6.2.2
Debianpython/pillow< 7.0.0-1+3
Ubuntupython/pillow< 3.1.2-0ubuntu1.3+2
Palo Altopaloalto/pan-os

Also affects: Debian Linux 10.0, 9.0, Fedora 30, 31, Ubuntu Linux 14.04, 16.04, 18.04, 19.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
Out-of-bounds Read in Pillow2020-04-01
GHSA
Out-of-bounds Read in Pillow2020-04-01
OSV
pillow vulnerabilities2020-02-06
CVEList
CVE-2020-5313: libImaging/FliDecode2020-01-03
OSV
CVE-2020-5313: libImaging/FliDecode2020-01-03

📋Vendor Advisories

4
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Pillow vulnerabilities2020-02-06
Red Hat
python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images2020-01-03
Debian
CVE-2020-5313: pillow - libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.2020

💬Community

3
Bugzilla
CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 python3-pillow: various flaws [epel-7]2020-01-09
Bugzilla
CVE-2020-5313 python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images2020-01-09
Bugzilla
CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 python-pillow: various flaws [fedora-all]2020-01-09
CVE-2020-5313 — Out-of-bounds Read in Python Pillow | cvebase