suse-su-2020:2057-1
Vulnerability from csaf_suse
Published
2020-07-27 20:26
Modified
2020-07-27 20:26
Summary
Security update for python-Pillow
Notes
Title of the patch
Security update for python-Pillow
Description of the patch
This update for python-Pillow fixes the following issues:
- Add 0019-FLI-overflow-error-fix-and-testcase.patch
  * Fixes CVE-2016-0775, bsc#965582
- Add 0020-Fix-OOB-reads-in-FLI-decoding.patch
  * Fixes CVE-2020-10177, bsc#1173413
- Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
  * Fixes CVE-2020-10994, bsc#1173418
- Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch
  * Fixes CVE-2020-10378, bsc#1173416
- Add 0008-Corrected-negative-seeks.patch
  * Fixes part of CVE-2019-16865, bsc#1153191
- Add 0009-Make-Image.crop-an-immediate-operation.patch
  * Fixes https://github.com/python-pillow/Pillow/issues/1077
  * Used by 0012-Added-decompression-bomb-checks.patch
- Add 0010-Crop-decompression.patch
  * Used by 0012-Added-decompression-bomb-checks.patch
- Add 0011-Added-DecompressionBombError.patch
  * Used by 0012-Added-decompression-bomb-checks.patch
- Add 0012-Added-decompression-bomb-checks.patch
  * Fixes part of CVE-2019-16865, bsc#1153191
- Add 0013-Raise-error-if-dimension-is-a-string.patch
  * Fixes part of CVE-2019-16865, bsc#1153191
- Add 0014-Catch-buffer-overruns.patch
  * Fixes part of CVE-2019-16865, bsc#1153191
- Add 0015-Catch-PCX-P-mode-buffer-overrun.patch
  * Fixes CVE-2020-5312, bsc#1160152
- Add 0016-Ensure-previous-FLI-frame-is-loaded.patch
  * Fixes https://github.com/python-pillow/Pillow/issues/2649
  * Uncovers CVE-2020-5313, bsc#1160153
- Add 0017-Catch-FLI-buffer-overrun.patch
  * Fixes CVE-2020-5313, bsc#1160153
- Add 018-Invalid-number-of-bands-in-FPX-image.patch
  * Fixes CVE-2019-19911, bsc#1160192
Patchnames
SUSE-2020-2057,SUSE-Storage-5-2020-2057
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for python-Pillow", "title": "Title of the patch" }, { "category": "description", "text": "This update for python-Pillow fixes the following issues:\n\n- Add 0019-FLI-overflow-error-fix-and-testcase.patch\n * Fixes CVE-2016-0775, bsc#965582\n- Add 0020-Fix-OOB-reads-in-FLI-decoding.patch\n * Fixes CVE-2020-10177, bsc#1173413\n- Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch\n * Fixes CVE-2020-10994, bsc#1173418\n- Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch\n * Fixes CVE-2020-10378, bsc#1173416\n- Add 0008-Corrected-negative-seeks.patch\n * Fixes part of CVE-2019-16865, bsc#1153191\n- Add 0009-Make-Image.crop-an-immediate-operation.patch\n * Fixes https://github.com/python-pillow/Pillow/issues/1077\n * Used by 0012-Added-decompression-bomb-checks.patch\n- Add 0010-Crop-decompression.patch\n * Used by 0012-Added-decompression-bomb-checks.patch\n- Add 0011-Added-DecompressionBombError.patch\n * Used by 0012-Added-decompression-bomb-checks.patch\n- Add 0012-Added-decompression-bomb-checks.patch\n * Fixes part of CVE-2019-16865, bsc#1153191\n- Add 0013-Raise-error-if-dimension-is-a-string.patch\n * Fixes part of CVE-2019-16865, bsc#1153191\n- Add 0014-Catch-buffer-overruns.patch\n * Fixes part of CVE-2019-16865, bsc#1153191\n- Add 0015-Catch-PCX-P-mode-buffer-overrun.patch\n * Fixes CVE-2020-5312, bsc#1160152\n- Add 0016-Ensure-previous-FLI-frame-is-loaded.patch\n * Fixes https://github.com/python-pillow/Pillow/issues/2649\n * Uncovers CVE-2020-5313, bsc#1160153\n- Add 0017-Catch-FLI-buffer-overrun.patch\n * Fixes CVE-2020-5313, bsc#1160153\n- Add 
018-Invalid-number-of-bands-in-FPX-image.patch\n * Fixes CVE-2019-19911, bsc#1160192\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2020-2057,SUSE-Storage-5-2020-2057", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2057-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2020:2057-1", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202057-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2020:2057-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-July/007188.html" }, { "category": "self", "summary": "SUSE Bug 1153191", "url": "https://bugzilla.suse.com/1153191" }, { "category": "self", "summary": "SUSE Bug 1160152", "url": "https://bugzilla.suse.com/1160152" }, { "category": "self", "summary": "SUSE Bug 1160153", "url": "https://bugzilla.suse.com/1160153" }, { "category": "self", "summary": "SUSE Bug 1160192", "url": "https://bugzilla.suse.com/1160192" }, { "category": "self", "summary": "SUSE Bug 1173413", "url": "https://bugzilla.suse.com/1173413" }, { "category": "self", "summary": "SUSE Bug 1173416", "url": "https://bugzilla.suse.com/1173416" }, { "category": "self", "summary": "SUSE Bug 1173418", "url": "https://bugzilla.suse.com/1173418" }, { "category": "self", "summary": "SUSE Bug 965582", "url": "https://bugzilla.suse.com/965582" }, { "category": "self", "summary": 
"SUSE CVE CVE-2016-0775 page", "url": "https://www.suse.com/security/cve/CVE-2016-0775/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-16865 page", "url": "https://www.suse.com/security/cve/CVE-2019-16865/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-19911 page", "url": "https://www.suse.com/security/cve/CVE-2019-19911/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-10177 page", "url": "https://www.suse.com/security/cve/CVE-2020-10177/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-10378 page", "url": "https://www.suse.com/security/cve/CVE-2020-10378/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-10994 page", "url": "https://www.suse.com/security/cve/CVE-2020-10994/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-5312 page", "url": "https://www.suse.com/security/cve/CVE-2020-5312/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-5313 page", "url": "https://www.suse.com/security/cve/CVE-2020-5313/" } ], "title": "Security update for python-Pillow", "tracking": { "current_release_date": "2020-07-27T20:26:47Z", "generator": { "date": "2020-07-27T20:26:47Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2020:2057-1", "initial_release_date": "2020-07-27T20:26:47Z", "revision_history": [ { "date": "2020-07-27T20:26:47Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "python-Pillow-2.8.1-3.9.1.aarch64", "product": { "name": "python-Pillow-2.8.1-3.9.1.aarch64", "product_id": "python-Pillow-2.8.1-3.9.1.aarch64" } }, { "category": "product_version", "name": "python-Pillow-tk-2.8.1-3.9.1.aarch64", "product": { "name": "python-Pillow-tk-2.8.1-3.9.1.aarch64", "product_id": "python-Pillow-tk-2.8.1-3.9.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": 
"python-Pillow-2.8.1-3.9.1.x86_64", "product": { "name": "python-Pillow-2.8.1-3.9.1.x86_64", "product_id": "python-Pillow-2.8.1-3.9.1.x86_64" } }, { "category": "product_version", "name": "python-Pillow-tk-2.8.1-3.9.1.x86_64", "product": { "name": "python-Pillow-tk-2.8.1-3.9.1.x86_64", "product_id": "python-Pillow-tk-2.8.1-3.9.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Enterprise Storage 5", "product": { "name": "SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python-Pillow-2.8.1-3.9.1.aarch64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64" }, "product_reference": "python-Pillow-2.8.1-3.9.1.aarch64", "relates_to_product_reference": "SUSE Enterprise Storage 5" }, { "category": "default_component_of", "full_product_name": { "name": "python-Pillow-2.8.1-3.9.1.x86_64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" }, "product_reference": "python-Pillow-2.8.1-3.9.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 5" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-0775", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-0775" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise 
Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-0775", "url": "https://www.suse.com/security/cve/CVE-2016-0775" }, { "category": "external", "summary": "SUSE Bug 965579 for CVE-2016-0775", "url": "https://bugzilla.suse.com/965579" }, { "category": "external", "summary": "SUSE Bug 965582 for CVE-2016-0775", "url": "https://bugzilla.suse.com/965582" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-07-27T20:26:47Z", "details": "moderate" } ], "title": "CVE-2016-0775" }, { "cve": "CVE-2019-16865", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-16865" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Pillow before 6.2.0. 
When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-16865", "url": "https://www.suse.com/security/cve/CVE-2019-16865" }, { "category": "external", "summary": "SUSE Bug 1153191 for CVE-2019-16865", "url": "https://bugzilla.suse.com/1153191" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-07-27T20:26:47Z", "details": "moderate" } ], "title": "CVE-2019-16865" }, { "cve": "CVE-2019-19911", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-19911" } ], "notes": [ { "category": "general", "text": "There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. 
However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-19911", "url": "https://www.suse.com/security/cve/CVE-2019-19911" }, { "category": "external", "summary": "SUSE Bug 1160192 for CVE-2019-19911", "url": "https://bugzilla.suse.com/1160192" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-07-27T20:26:47Z", "details": "important" } ], "title": "CVE-2019-19911" }, { "cve": "CVE-2020-10177", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-10177" } ], "notes": [ { "category": "general", "text": "Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-10177", "url": "https://www.suse.com/security/cve/CVE-2020-10177" }, { "category": "external", "summary": "SUSE Bug 1173413 for CVE-2020-10177", "url": 
"https://bugzilla.suse.com/1173413" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-07-27T20:26:47Z", "details": "moderate" } ], "title": "CVE-2020-10177" }, { "cve": "CVE-2020-10378", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-10378" } ], "notes": [ { "category": "general", "text": "In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state-\u003eshuffle is instructed to read beyond state-\u003ebuffer.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-10378", "url": "https://www.suse.com/security/cve/CVE-2020-10378" }, { "category": "external", "summary": "SUSE Bug 1161670 for CVE-2020-10378", "url": "https://bugzilla.suse.com/1161670" }, { "category": "external", "summary": "SUSE Bug 1173416 for CVE-2020-10378", "url": "https://bugzilla.suse.com/1173416" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 
5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-07-27T20:26:47Z", "details": "moderate" } ], "title": "CVE-2020-10378" }, { "cve": "CVE-2020-10994", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-10994" } ], "notes": [ { "category": "general", "text": "In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-10994", "url": "https://www.suse.com/security/cve/CVE-2020-10994" }, { "category": "external", "summary": "SUSE Bug 1173418 for CVE-2020-10994", "url": "https://bugzilla.suse.com/1173418" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-07-27T20:26:47Z", "details": 
"moderate" } ], "title": "CVE-2020-10994" }, { "cve": "CVE-2020-5312", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-5312" } ], "notes": [ { "category": "general", "text": "libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-5312", "url": "https://www.suse.com/security/cve/CVE-2020-5312" }, { "category": "external", "summary": "SUSE Bug 1160152 for CVE-2020-5312", "url": "https://bugzilla.suse.com/1160152" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-07-27T20:26:47Z", "details": "important" } ], "title": "CVE-2020-5312" }, { "cve": "CVE-2020-5313", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-5313" } ], "notes": [ { "category": "general", "text": "libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] }, "references": [ { "category": 
"external", "summary": "CVE-2020-5313", "url": "https://www.suse.com/security/cve/CVE-2020-5313" }, { "category": "external", "summary": "SUSE Bug 1160153 for CVE-2020-5313", "url": "https://bugzilla.suse.com/1160153" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.aarch64", "SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-07-27T20:26:47Z", "details": "important" } ], "title": "CVE-2020-5313" } ] }