Vulnerability Name:

CVE-2020-35654 (CCN-194841)

Assigned:2020-12-23
Published:2020-12-23
Updated:2021-03-22
Summary:In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-35654

Source: XF
Type: UNKNOWN
pillow-cve202035654-bo(194841)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-a8ddc1ce70

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-880aa7bd27

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-15845d3abe

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-0ece308612

Source: CCN
Type: Pillow Web site
Pillow

Source: MISC
Type: Release Notes, Third Party Advisory
https://pillow.readthedocs.io/en/stable/releasenotes/index.html

Source: CCN
Type: Pillow Web site
Pillow

Vulnerable Configuration:Configuration 1:
  • cpe:/a:python:pillow:*:*:*:*:*:*:*:* (Version < 8.1.0)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:python:pillow:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:2.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:2.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:3.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:5.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:5.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:5.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:pillow:7.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:113251
    P
    		python36-Pillow-8.3.2-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106663
    P
    		python36-Pillow-8.3.2-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:111006
    P
    		Security update for python-CairoSVG, python-Pillow (Moderate)
    2021-08-10
    BACK
    python pillow *
    fedoraproject fedora 32
    fedoraproject fedora 33
    python pillow 2.3.0
    python pillow 2.3.1
    python pillow 2.3.2
    python pillow 2.6.2
    python pillow 2.7.0
    python pillow 3.1.0
    python pillow 3.3.1
    python pillow 3.1.1
    python pillow 2.5.0
    python pillow 6.1.0
    python pillow 2.8.0
    python pillow 3.0.0
    python pillow 3.1.2
    python pillow 3.2.0
    python pillow 3.3.0
    python pillow 3.3.2
    python pillow 3.4.0
    python pillow 4.0.0
    python pillow 4.1.0
    python pillow 4.1.1
    python pillow 4.2.0
    python pillow 4.2.1
    python pillow 4.3.0
    python pillow 5.0.0
    python pillow 5.1.0
    python pillow 5.2.0
    python pillow 5.3.0
    python pillow 5.4.0
    python pillow 5.4.1
    python pillow 6.0.0
    python pillow 6.2.0
    python pillow 6.2.1
    python pillow 6.2.2
    python pillow 7.0.0