CVE-2020-11538 Information

Feb 14, 2021 cve

Description

In libImaging/SgiRleDecode.c in Pillow through 7.0.0 a number of out-of-bounds reads exist in the parsing of SGI image files a different issue than CVE-2020-5311.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/python-pillow/Pillow/pull/4504 https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/ https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html https://pillow.readthedocs.io/en/stable/releasenotes/index.html https://usn.ubuntu.com/4430-1/ https://usn.ubuntu.com/4430-2/

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1

Share on: