PYSEC-2021-71 — Vulnetix

PYSEC-2021-71 PUBLISHED

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

Affected Products

Vendor	Product	Versions
PyPI	pillow	4.3.0, 4.3.0, 5.1.0

Timeline

Jan 12, 2021 CVE Published
Dec 6, 2023 CVE Updated

References

https://pillow.readthedocs.io/en/stable/releasenotes/index.html url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/ url
https://github.com/advisories/GHSA-hf64-x4gq-p99h advisory

Open in Interactive Console →