Bugzilla – Bug 1160150
VUL-0: CVE-2020-5310: python-Pillow: TIFF decoding integer overflow, related to realloc
Last modified: 2020-10-21 09:24:33 UTC
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
Please submit for:
Looks like this CVE doesn't really affect SOC8 and SOC9.
We have Pillow 4.2.1 / 5.2 in those products respectively.
The problematic realloc()s were added here:
https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d#diff-3263bc8c8967e8fb6699bb2171f35b76R250 (Pillow 5.3.0)
https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f#diff-3263bc8c8967e8fb6699bb2171f35b76R416 (Pillow 6.0.0)
Looking at other distros, e.g. https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5310.html, patched versions were released for Pillow versions >=6.1.0, and versions <=5.1.0 were marked as "not-affected".
Debian (https://security-tracker.debian.org/tracker/CVE-2020-5310) didn't even release a fix for Pillow 5.4.1, even though the notes mention that the bug was introduced by the same commits I linked earlier (Pillow 5.3.0 / 6.0.0).
Only Pillow 7.0.0 in unstable was fixed.