CVE-2020-10378

Out-of-bounds Read in pypi/Pillow

Identifiers

CVE-2020-10378

Package Slug

pypi/Pillow

Vulnerability

Out-of-bounds Read

Description

In libImaging/PcxDecode.c in Pillow, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

Affected Versions

All versions before 6.2.3, version 7.0.0

Solution

Upgrade to version 7.1.0 or above.

Last Modified

2020-07-03
