漏洞信息详情
Pillow 缓冲区错误漏洞
- CNNVD编号:CNNVD-202104-972 <!--
- 危害等级: 超危-->
- 危害等级: 超危
- CVE编号: CVE-2021-25287
- 漏洞类型: 缓冲区错误
- 发布时间: 2021-04-13
- 威胁类型: 远程
- 更新时间: 2021-11-11
- 厂 商:
- 漏洞来源: Ubuntu
-
漏洞简介
Pillow是一款基于Python的图像处理库。
Pillow存在缓冲区错误漏洞,该漏洞允许远程攻击者访问敏感的信息。以下产品及版本受到影响:Pillow 1.0、Pillow 1.2、Pillow 1.7.6、Pillow 1.7.7、Pillow 1.7.8、Pillow 2.0.0、Pillow 2.1.0、Pillow 2.2.0、Pillow 2.2.1、Pillow 2.2.2、Pillow 2.3.0、Pillow 2.3.1、Pillow 2.3.2、Pillow 2.4.0、Pillow 2.5.0、Pillow 2.5.1、Pillow 2.5.2、Pillow 2.5.3、Pillow 2.6.0、Pillow 2.6.1、Pillow 2.6.2、Pillow 2.7.0、Pillow 2.8.0、Pillow 2.8.1、Pillow 2.8.2、Pillow 2.9.0、Pillow 3.0.0、Pillow 3.1.0、Pillow 3.1.1、Pillow 3.1.2、Pillow 3.2.0、Pillow 3.3.0、Pillow 3.3.1、Pillow 3.3.2、Pillow 3.3.3、Pillow 3.4.0、Pillow 3.4.1、Pillow 3.4.2、Pillow 4.0.0、Pillow 4.1.0、Pillow 4.1.1、Pillow 4.2.0、Pillow 4.2.1、Pillow 4.3.0、Pillow 5.0.0、Pillow 5.1.0、Pillow 5.2.0、Pillow 5.3.0、Pillow 5.4.0、Pillow 5.4.1、Pillow 6.0.0、Pillow 6.1.0、Pillow 6.2.0、Pillow 6.2.1、Pillow 6.2.2、Pillow 6.2.3、Pillow 7.0.0、Pillow 7.0.1、Pillow 7.1.0、Pillow 7.1.1、Pillow 7.1.2、Pillow 7.2.0、Pillow 8.0.0、Pillow 8.0.1、Pillow 8.1.0、Pillow 8.1.1、Pillow 8.1.2。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/python-pillow/Pillow/releases/tag/8.2.0
参考网址
来源:MISC
链接:https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
来源:MISC
链接:https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1770
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164871/Red-Hat-Security-Advisory-2021-4149-03.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162718/Ubuntu-Security-Notice-USN-4963-1.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163500/Gentoo-Linux-Security-Advisory-202107-33.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2092
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Pillow-six-vulnerabilities-35493
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021041363
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3811
受影响实体
暂无
补丁
暂无
还没有评论,来说两句吧...