Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.2.2020.1128
Category:Huawei EulerOS Local Security Checks
Title:Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2020-1128)
Summary:The remote host is missing an update for the Huawei EulerOS 'python-pillow' package(s) announced via the EulerOS-SA-2020-1128 advisory.
Description:Summary:
The remote host is missing an update for the Huawei EulerOS 'python-pillow' package(s) announced via the EulerOS-SA-2020-1128 advisory.

Vulnerability Insight:
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.(CVE-2019-16865)

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.(CVE-2020-5313)

Affected Software/OS:
'python-pillow' package(s) on Huawei EulerOS V2.0SP5.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-5313
Debian Security Information: DSA-4631 (Google Search)
https://www.debian.org/security/2020/dsa-4631
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
https://usn.ubuntu.com/4272-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.