Veracode Vulnerability DatabaseVERACODE:25198Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
pillow is vulnerable to denial of service (DoS). The vulnerability exists through multiple out of bounds roads in j2k_decode_entry in src/libImaging/Jpeg2KDecode.c.
References
github.com/python-pillow/Pillow/commit/cf6da6b79080a8c16984102fdc85f7ce28dca613
github.com/python-pillow/Pillow/commits/master/src/libImaging/
github.com/python-pillow/Pillow/pull/4505
github.com/python-pillow/Pillow/pull/4538
lists.fedoraproject.org/archives/list/[email protected]/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
lists.fedoraproject.org/archives/list/[email protected]/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
pillow.readthedocs.io/en/latest/releasenotes/7.1.0.html
pillow.readthedocs.io/en/stable/releasenotes/
pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
usn.ubuntu.com/4430-1/
usn.ubuntu.com/4430-2/
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P