CVE-2020-35654
pypi/Pillow
Out-of-bounds Write
In Pillow, TiffDecode
has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
All versions before 8.1.0
Upgrade to version 8.1.0 or above.
2021-01-13
source |