Vulnerability CVE-2020-10994

Vulnerability Name:

CVE-2020-10994 (CCN-184355)

Assigned:

2020-03-28

Published:

2020-03-28

Updated:

2023-02-27

Summary:

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-10994

Source: XF
Type: UNKNOWN
pillow-cve202010994-dos(184355)

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Pillow GIT Repository
Fix bounds overflow in JPEG 2000 decoding #4505

Source: cve@mitre.org
Type: Issue Tracking, Patch
cve@mitre.org

Source: cve@mitre.org
Type: Issue Tracking, Patch
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Ubuntu CVE Tracker
CVE-2020-10994

Source: cve@mitre.org
Type: Release Notes
cve@mitre.org

Source: cve@mitre.org
Type: Product
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-10994

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:python:pillow:7.0.0:*:*:*:*:*:*:*

AND

cpe:/o:canonical:ubuntu:16.04::~~lts~~~:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:18.04::~~lts~~~:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:12.04::~~esm~~~:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:14.04::~~esm~~~:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:20.04::~~lts~~~:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:20.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202010994	V	CVE-2020-10994	2022-05-22
oval:org.opensuse.security:def:58038	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:60340	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:57479	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:57930	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:59856	P	Security update for python-cryptography (Important)	2021-03-02
oval:org.opensuse.security:def:60456	P	Security update for tomcat (Moderate)	2021-02-19
oval:org.opensuse.security:def:60300	P	Security update for postgresql, postgresql12, postgresql13 (Important)	2021-01-26
oval:org.opensuse.security:def:61058	P	Security update for openexr (Moderate)	2020-12-23
oval:org.opensuse.security:def:60815	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:60711	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:58242	P	Security update for sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:60718	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:60041	P	Security update for bash (Important)	2020-12-01
oval:org.opensuse.security:def:56962	P	Security update for freerdp (Important)	2020-12-01
oval:org.opensuse.security:def:60761	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:58204	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:60600	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:56799	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:60978	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:60672	P	Security update for python-PyKMIP (Moderate)	2020-12-01
oval:org.opensuse.security:def:58130	P	Security update for python-Pillow (Important)	2020-12-01
oval:org.opensuse.security:def:57200	P	Security update for compat-openssl097g	2020-12-01
oval:org.opensuse.security:def:61028	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:60634	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:60111	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:56800	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:60937	P	Security update for galera-3, mariadb, mariadb-connector-c (Important)	2020-12-01
oval:org.opensuse.security:def:60552	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57373	P	Security update for icedtea-web	2020-12-01
oval:org.opensuse.security:def:58273	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:60899	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:57645	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:56822	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:60790	P	Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift (Important)	2020-12-01
oval:org.opensuse.security:def:58323	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:58348	P	Security update for qemu (Moderate)	2020-11-29
oval:org.opensuse.security:def:84056	P	Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift (Important)	2020-11-12
oval:org.opensuse.security:def:84511	P	Security update for ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana-mq, ardana-nova, ardana-osconfig, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-monasca-installer, openstack-neutron, openstack-nova, python-Django, python-Flask-Cors, python-Pillow, python-ardana-packager, python-keystoneclient, python-keystonemiddleware, python-kombu, python-straight-plugin, python-urllib3, release-notes-suse-openstack-cloud, storm, storm-kit, venv-openstack-cinder, venv-openstack-swift (Important)	2020-11-12

BACK