CVE-2020-35655

Out-of-bounds Read in pypi/Pillow

Identifiers

CVE-2020-35655

Package Slug

pypi/Pillow

Vulnerability

Out-of-bounds Read

Description

In Pillow, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

Affected Versions

All versions from 4.3.0 up to, but not including, 8.1.0

Solution

Upgrade to version 8.1.0 or above.
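
The offset and length tables named in the description can also be sanity-checked before an untrusted SGI file reaches any decoder. The Python check below is an added example, not Pillow's code or its fix; the function names and the sample bytes are constructed for illustration, and it assumes the header's ysize and zsize fields are used as stored.

```python
import struct

SGI_MAGIC = 474      # 0x01DA, first two bytes of an SGI image
HEADER_SIZE = 512    # fixed-size SGI header

def check_sgi_rle_tables(data):
    """Return a list of problems in the RLE offset/length tables (empty if none)."""
    if len(data) < HEADER_SIZE:
        return ["shorter than the 512-byte SGI header"]
    # Big-endian: magic, storage, bpc, dimension, xsize, ysize, zsize
    magic, storage, _bpc, _dim, _xsize, ysize, zsize = struct.unpack_from(
        ">HBBHHHH", data, 0)
    if magic != SGI_MAGIC:
        return ["not an SGI image (bad magic)"]
    if storage != 1:
        return []  # verbatim storage carries no tables
    rows = ysize * zsize  # one table entry per scanline per channel
    tables_end = HEADER_SIZE + 8 * rows  # offsets table, then lengths table
    if tables_end > len(data):
        return [f"tables need {tables_end} bytes, file has {len(data)}"]
    offsets = struct.unpack_from(f">{rows}I", data, HEADER_SIZE)
    lengths = struct.unpack_from(f">{rows}I", data, HEADER_SIZE + 4 * rows)
    problems = []
    for row, (off, length) in enumerate(zip(offsets, lengths)):
        # Conservative: row data must sit after the tables and inside the file.
        if off < tables_end or off + length > len(data):
            problems.append(f"row {row}: offset {off} + length {length} "
                            f"outside [{tables_end}, {len(data)})")
    return problems

def make_sample(offset, length):
    """Constructed 4x1 single-channel RLE file with one table entry."""
    header = struct.pack(">HBBHHHH", SGI_MAGIC, 1, 1, 2, 4, 1, 1)
    header = header.ljust(HEADER_SIZE, b"\x00")
    tables = struct.pack(">II", offset, length)
    row_data = b"\x04\x7f\x00"  # RLE: repeat 0x7f four times, then terminator
    return header + tables + row_data

if __name__ == "__main__":
    print(check_sgi_rle_tables(make_sample(520, 3)))    # consistent tables
    print(check_sgi_rle_tables(make_sample(520, 64)))   # length past end of file
```

A non-empty result means the file's tables point outside the file and it should be rejected rather than decoded.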

Last Modified

2021-01-13
