CVE-2020-35654

Out-of-bounds Write in pypi/Pillow

Identifiers

CVE-2020-35654

Package Slug

pypi/Pillow

Vulnerability

Out-of-bounds Write

Description

In Pillow, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

Affected Versions

All versions before 8.1.0

Solution

Upgrade to version 8.1.0 or above.

Last Modified

2021-01-13
