libImaging/PcxDecode.c in Pillow before 6.2.2 has an PCX P mode buffer overflow. Upstream patch: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd References: https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
Created python-pillow tracking bugs for this issue: Affects: fedora-all [bug 1789541] Created python3-pillow tracking bugs for this issue: Affects: epel-7 [bug 1789542]
While Red Hat Quay includes the python-pillow it's not used, therefore this issue is rated moderate for Red Hat Quay.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0566
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-5312
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0580 https://access.redhat.com/errata/RHSA-2020:0580
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0578 https://access.redhat.com/errata/RHSA-2020:0578
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0898 https://access.redhat.com/errata/RHSA-2020:0898
This issue has been addressed in the following products: Red Hat Quay 3 Via RHSA-2021:0420 https://access.redhat.com/errata/RHSA-2021:0420