CVE-2020-35655
pypi/Pillow
Out-of-bounds Read
In Pillow, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
All versions starting from 4.3.0 before 8.1.0
Upgrade to version 8.1.0 or above.
2021-01-13