RHSA-2020:0580-01 -- Redhat python-pillowID: oval:org.secpod.oval:def:66526 | Date: (C)2020-10-30 (M)2022-10-10 |
Class: PATCH | Family: unix |
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fix: * python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c * python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c * python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.