CVE-2020-5313

Name
CVE-2020-5313
Description
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
Release Notes https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
UBUNTU https://usn.ubuntu.com/4272-1/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
DEBIAN https://www.debian.org/security/2020/dsa-4631

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:* pillow >= None < 6.2.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status