Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for Buffer Read Overrun in PCX Decoding #5174

Merged
merged 2 commits into from
Jan 2, 2021
Merged

Fix for Buffer Read Overrun in PCX Decoding #5174

merged 2 commits into from
Jan 2, 2021

Conversation

radarhere
Copy link
Member

@radarhere radarhere commented Jan 2, 2021
edited
Loading

CVE-2020-35653 - Buffer Read Overrun in PCX Decoding. The PCX Image decoder used the reported image stride to calculate the row buffer, rather than calculating it from the image size. This issue dates back to the PIL fork. Thanks to Google's OSS-Fuzz project for finding this.

wiredfool and others added 2 commits January 2, 2021 20:38
@wiredfool @radarhere
Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
2f40926 
* Don't trust the image to specify a buffer size
@radarhere
Lint fix
903c673
@radarhere radarhere merged commit 0117694 into python-pillow:master Jan 2, 2021
@radarhere radarhere deleted the pcx branch January 2, 2021 10:00
@radarhere radarhere changed the title Fix for Read Overflow in PCX Decoding Fix for Buffer Read Overrun in PCX Decoding Jan 2, 2021
earthgecko added a commit to earthgecko/skyline that referenced this pull request Jan 15, 2021
@earthgecko
Update Pillow
749a203 
IssueID #3940: SNYK-PYTHON-PILLOW-1055461 and SNYK-PYTHON-PILLOW-1055462

- Added Pillow==8.1.0 as matplotlib@3.3.3 introduced pillow@8.0.1 and Pillow is
  now fixed at 8.1.0 as per:
  https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055461
  https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1055462
  python-pillow/Pillow#5174 which fixes CVE-2020-35653
  and CVE-2020-35655

Modified:
dev-requirements.txt
requirements.txt
@earthgecko earthgecko mentioned this pull request Jan 15, 2021
Merged
@radarhere radarhere mentioned this pull request Jan 20, 2021
Merged
This was referenced Mar 8, 2021
Merged
Closed
Merged
Closed
Merged
@dependabot dependabot bot mentioned this pull request Mar 17, 2021
Merged
@aclark4life aclark4life mentioned this pull request Mar 8, 2024
Closed
@radarhere
Copy link
Member Author

I just found that this bug made the Atheris Hall of Fame - https://github.com/google/atheris/blob/54accd93d19386f6217f4d5ec8d13c94af27538f/hall_of_fame.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@radarhere @tcullum-rh @wiredfool