| Vulnerability Name: | CVE-2020-35655 (CCN-194836) | ||||||||||||||||||||||||||||
| Assigned: | 2020-12-23 | ||||||||||||||||||||||||||||
| Published: | 2020-12-23 | ||||||||||||||||||||||||||||
| Updated: | 2021-01-29 | ||||||||||||||||||||||||||||
| Summary: | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) 4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
4.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-125 CWE-125 | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-35655 Source: XF Type: UNKNOWN pillow-cve202035655-bo(194836) Source: CCN Type: Pillow GIT Repository Pillow Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-a8ddc1ce70 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-880aa7bd27 Source: CCN Type: Pillow Web site Pillow Source: MISC Type: Release Notes, Third Party Advisory https://pillow.readthedocs.io/en/stable/releasenotes/index.html | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration RedHat 1: Configuration RedHat 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||