libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. Upstream patch: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 References: https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
Created python-pillow tracking bugs for this issue: Affects: fedora-all [bug 1789541] Created python3-pillow tracking bugs for this issue: Affects: epel-7 [bug 1789542]
While Red Hat Quay includes the python-pillow it's not used, therefore this issue is rated moderate for Red Hat Quay.
The vulnerability was introduced with https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f, which add support for reading tiled TIFF images and add the realloc call.
Statement: This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they did not include support for tiled TIFF images, where the flaw lies.
This issue has been addressed in the following products: Red Hat Quay 3 Via RHSA-2021:0420 https://access.redhat.com/errata/RHSA-2021:0420
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-5310