CVE-2020-5313

HIGH

Python Pillow < 6.2.2 - Out-of-Bounds Read

Title source: rule

Description

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

References (6)

Scores

CVSS v3 7.1
EPSS 0.0055
EPSS Percentile 67.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Classification

CWE
CWE-125
Status published

Affected Products (10)

python/pillow < 6.2.2
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux
debian/debian_linux
fedoraproject/fedora
fedoraproject/fedora
pypi/Pillow < 6.2.2PyPI

Timeline

Published Jan 03, 2020
Tracked Since Feb 18, 2026