CVE-2020-35653

Name
CVE-2020-35653
Description
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Release Notes https://pillow.readthedocs.io/en/stable/releasenotes/index.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
MLIST https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:* pillow >= None < 8.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status