Assigner: mitre
Reserved: 2024-03-07
Published: 2024-04-03
Updated: 2024-04-10
Description
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
References
https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/ (FEDORA-2024-e4b1b4eab1)
https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html ([debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update)