Oval Definition:oval:org.opensuse.security:def:202035653
Revision Date:2022-06-30Version:1
Title:CVE-2020-35653
Description:

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2020-35653
SUSE CVE-2020-35653
SUSE-SU-2021:1938-1
SUSE-SU-2021:1939-1
SUSE-SU-2021:1940-1
openSUSE-SU-2021:1134-1
Platform(s):openSUSE Leap 15.2
openSUSE Tumbleweed
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • python36-Pillow-8.3.2-1.2 is installed
  • OR python36-Pillow-tk-8.3.2-1.2 is installed
  • OR python38-Pillow-8.3.2-1.2 is installed
  • OR python38-Pillow-tk-8.3.2-1.2 is installed
  • OR python39-Pillow-8.3.2-1.2 is installed
  • OR python39-Pillow-tk-8.3.2-1.2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-Pillow-2.8.1-4.22.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Pillow-4.2.1-3.14.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Pillow-5.2.0-3.8.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • python3-CairoSVG-2.5.1-lp152.2.3.1 is installed
  • AND python3-CairoSVG is signed with openSUSE key
  • OR
  • python3-Pillow-8.3.1-lp152.5.3.1 is installed
  • AND python3-Pillow is signed with openSUSE key
  • OR
  • python3-Pillow-tk-8.3.1-lp152.5.3.1 is installed
  • AND python3-Pillow-tk is signed with openSUSE key
    • BACK