Search Results | AttackerKB

2 Total Results

Displaying 1-2 of 2

Attacker Value

Unknown

CVE-2021-25289

Disclosure Date: March 19, 2021 (last updated October 07, 2023)

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

Attacker Value

Unknown

CVE-2020-35654

Disclosure Date: January 12, 2021 (last updated November 08, 2023)

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

Attack Vector: Network Privileges: None User Interaction: Required

2 Total Results

Displaying 1-2 of 2

Unknown

CVE-2021-25289

Unknown

CVE-2020-35654

Quick Cookie Notification