CVE-2020-5313
Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5313.json
Aliases
DLA-2057-1
DSA-4631-1
GHSA-hj69-c76v-86wr
PYSEC-2020-84
Published
2020-01-03T01:15:00Z
Modified
2023-01-24T01:43:00Z
Details
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
References
https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
https://usn.ubuntu.com/4272-1/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
https://www.debian.org/security/2020/dsa-4631
Affected packages
Alpine:v3.12 / py3-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Fixed
6.2.2-r0
Affected versions
Alpine:v3.13 / py3-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Fixed
6.2.2-r0
Affected versions
Alpine:v3.14 / py3-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Fixed
6.2.2-r0
Affected versions
Alpine:v3.15 / py3-pillow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Fixed
6.2.2-r0
Affected versions