CVE-2020-35653

Out-of-bounds Read in pypi/Pillow

Identifiers

CVE-2020-35653

Package Slug

pypi/Pillow

Vulnerability

Out-of-bounds Read

Description

In Pillow, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
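As an added illustration (not Pillow's code and not its patch), the sketch below pre-screens an untrusted PCX header by recomputing the row size from the image dimensions and comparing it to the stride the file declares. The field offsets follow the standard 128-byte PCX header; the function names, the rejection rule (declared stride smaller than one plane row needs) and the sample headers are assumptions made for this example.

```python
import struct

PCX_HEADER_LEN = 128  # fixed-size PCX header


def check_pcx_stride(data: bytes):
    """Return (ok, reason) for the header of an untrusted PCX file."""
    if len(data) < PCX_HEADER_LEN:
        return False, "truncated header"
    manufacturer, _version, _encoding, bpp = struct.unpack_from("<4B", data, 0)
    xmin, ymin, xmax, ymax = struct.unpack_from("<4H", data, 4)
    planes = data[65]
    (stride,) = struct.unpack_from("<H", data, 66)  # bytes per line, per plane
    if manufacturer != 0x0A:
        return False, "not a PCX file"
    if xmax < xmin or ymax < ymin or planes == 0 or bpp == 0:
        return False, "inconsistent dimensions"
    width = xmax - xmin + 1
    needed = (width * bpp + 7) // 8  # bytes one plane row really needs
    # Assumed rule for this example: never trust a declared stride that is
    # smaller than what the declared width and bit depth require.
    if stride < needed:
        return False, f"declared stride {stride} < {needed} bytes needed"
    return True, "ok"


def make_header(width, bpp, planes, stride):
    """Build a constructed 128-byte PCX header for testing (sample data)."""
    h = bytearray(PCX_HEADER_LEN)
    h[0:4] = bytes([0x0A, 5, 1, bpp])           # magic, version, RLE, bits/pixel
    struct.pack_into("<4H", h, 4, 0, 0, width - 1, 0)
    h[65] = planes
    struct.pack_into("<H", h, 66, stride)
    return bytes(h)


if __name__ == "__main__":
    samples = {
        "consistent": make_header(100, 8, 1, 100),
        "short stride": make_header(100, 8, 1, 10),
        "truncated": b"\x0a\x05\x01\x08",
    }
    for name, blob in samples.items():
        print(name, check_pcx_stride(blob))
```

A check like this is a stopgap for pipelines that cannot upgrade immediately; it does not replace moving to a fixed Pillow release.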

Affected Versions

All versions before 8.1.0

Solution

Upgrade to version 8.1.0 or above.

Last Modified

2021-01-13
