SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2020-10379

Date: (C)2020-06-26 (M)2023-12-22

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.8		CVSS Score : 6.8
Exploit Score: 1.8		Exploit Score: 8.6
Impact Score: 5.9		Impact Score: 6.4

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: LOCAL		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: REQUIRED		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: HIGH		Availability: PARTIAL
Integrity: HIGH
Availability: HIGH

Reference:

FEDORA-2020-c52106e48a

FEDORA-2020-d0737711b6

https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac

https://github.com/python-pillow/Pillow/commits/master/src/libImaging

https://github.com/python-pillow/Pillow/pull/4538

https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html

oval:org.secpod.oval:def:67045
oval:org.secpod.oval:def:118410
oval:org.secpod.oval:def:2106201
oval:org.secpod.oval:def:705550
...

© SecPod Technologies